Create an authorization with the GitHub API

In this article, you learn how to create an authorization in API Management and call a GitHub API that requires an authorization token. The authorization code grant type is used in this example.

You learn how to:

  • Register an application in GitHub
  • Configure an authorization in API Management
  • Authorize with GitHub and configure access policies
  • Create an API in API Management and configure a policy
  • Test your GitHub API in API Management

Prerequisites

Step 1: Register an application in GitHub

  1. Sign in to GitHub.

  2. In your account profile, go to Settings > Developer Settings > OAuth Apps > New OAuth app.

    Screenshot of registering a new OAuth application in GitHub.

    1. Enter an Application name and Homepage URL for the application. For this example, you can supply a placeholder URL such as http://localhost.
    2. Optionally, add an Application description.
    3. In Authorization callback URL (the redirect URL), enter https://authorization-manager.consent.azure-apim.net/redirect/apim/<YOUR-APIM-SERVICENAME>, substituting the name of the API Management instance where you will configure the authorization provider.
  3. Select Register application.

  4. On the General page, copy the Client ID, which you'll use in Step 2.

  5. Select Generate a new client secret. Copy the secret, which won't be displayed again, and which you'll use in Step 2.

    Screenshot showing how to get client ID and client secret for the application in GitHub.

Step 2: Configure an authorization in API Management

  1. Sign in to the portal and go to your API Management instance.

  2. On the left menu, select Authorizations > + Create.

    Screenshot of creating an API Management authorization in the Azure portal.

  3. On the Create authorization page, enter the following settings, and select Create:

    Setting             Value
    Provider name       A name of your choice, such as github-01
    Identity provider   Select GitHub
    Grant type          Select Authorization code
    Client ID           Paste the value you copied earlier from the app registration
    Client secret       Paste the value you copied earlier from the app registration
    Scope               For this example, set the scope to User
    Authorization name  A name of your choice, such as github-auth-01
  4. After the authorization provider and authorization are created, select Next.

Step 3: Authorize with GitHub and configure access policies

  1. On the Login tab, select Login with GitHub. Before the authorization will work, it needs to be authorized at GitHub.

    Screenshot of logging into the GitHub authorization from the portal.

  2. If prompted, sign in to your GitHub account.

  3. Select Authorize so that the application can access the signed-in user’s account.

  4. On the confirmation page, select Allow access.

  5. After successful authorization, the browser is redirected to API Management and the window is closed. In API Management, select Next.

  6. After successful authorization, the browser is redirected to API Management and the window is closed. When prompted during redirection, select Allow access. In API Management, select Next.

  7. On the Access policy page, create an access policy so that API Management has access to use the authorization. Ensure that a managed identity is configured for API Management. Learn more about managed identities in API Management.

  8. For this example, select API Management service <service name>, and then click "+ Add members". You should see your access policy in the Members table below.

    Screenshot of selecting a managed identity to use the authorization.

  9. Select Complete.

Step 4: Create an API in API Management and configure a policy

  1. Sign in to the portal and go to your API Management instance.

  2. On the left menu, select APIs > + Add API.

  3. Select HTTP and enter the following settings. Then select Create.

    Setting          Value
    Display name     githubuser
    Web service URL  https://api.github.com
    API URL suffix   githubuser
  4. Navigate to the newly created API and select Add Operation. Enter the following settings and select Save.

    Setting       Value
    Display name  getauthdata
    URL for GET   /user

    Screenshot of adding a getauthdata operation to the API in the portal.

  5. Follow the preceding steps to add another operation with the following settings.

    Setting       Value
    Display name  getauthfollowers
    URL for GET   /user/followers
  6. Select All operations. In the Inbound processing section, select the (</>) (code editor) icon.

  7. Copy the following, and paste in the policy editor. Make sure the provider-id and authorization-id correspond to the names in Step 2. Select Save.

    <policies>
        <inbound>
            <base />
            <get-authorization-context provider-id="github-01" authorization-id="github-auth-01" context-variable-name="auth-context" identity-type="managed" ignore-error="false" />
            <set-header name="Authorization" exists-action="override">
                <value>@("Bearer " + ((Authorization)context.Variables.GetValueOrDefault("auth-context"))?.AccessToken)</value>
            </set-header>
            <set-header name="User-Agent" exists-action="override">
                <value>API Management</value>
            </set-header>
        </inbound>
        <backend>
            <base />
        </backend>
        <outbound>
            <base />
        </outbound>
        <on-error>
            <base />
        </on-error>
    </policies>
    

The preceding policy definition consists of three parts:

  • The get-authorization-context policy fetches an authorization token by referencing the authorization provider and authorization that were created earlier.
  • The first set-header policy creates an HTTP header with the fetched authorization token.
  • The second set-header policy creates a User-Agent header (GitHub API requirement).
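
The following check is an added example, not part of the original article or of API Management itself: it parses a policy document and reports where it departs from the policy above, including the provider-id and authorization-id names from Step 2. The function name lint_policy and the embedded sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the inbound section of the policy shown above.
SAMPLE_POLICY = """<policies><inbound>
  <base />
  <get-authorization-context provider-id="github-01" authorization-id="github-auth-01"
      context-variable-name="auth-context" identity-type="managed" ignore-error="false" />
  <set-header name="Authorization" exists-action="override">
    <value>@("Bearer " + ((Authorization)context.Variables.GetValueOrDefault("auth-context"))?.AccessToken)</value>
  </set-header>
</inbound></policies>"""


def lint_policy(policy_xml, provider_id, authorization_id):
    """Return a list of findings; an empty list means every check passed."""
    inbound = ET.fromstring(policy_xml).find("inbound")
    ctx = inbound.find("get-authorization-context") if inbound is not None else None
    if ctx is None:
        return ["no get-authorization-context policy in <inbound>"]
    findings = []
    # The ids must name the provider and authorization created in Step 2.
    expected = {"provider-id": provider_id, "authorization-id": authorization_id,
                # Settings taken from the article's policy.
                "identity-type": "managed", "ignore-error": "false"}
    for attr, want in expected.items():
        if ctx.get(attr) != want:
            findings.append(f"{attr} is {ctx.get(attr)!r}, expected {want!r}")
    var = ctx.get("context-variable-name")
    headers = [h for h in inbound.findall("set-header")
               if (h.get("name") or "").lower() == "authorization"]
    if not headers:
        findings.append("no set-header policy for Authorization")
    for h in headers:
        # override replaces any Authorization header the caller sent, so a
        # client-supplied credential is never forwarded to api.github.com.
        if h.get("exists-action") != "override":
            findings.append("Authorization header is not set with exists-action=override")
        # The header value must read the same context variable that was filled above.
        if f'"{var}"' not in (h.findtext("value") or ""):
            findings.append(f"Authorization value does not read context variable {var!r}")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY, "github-01", "github-auth-01") or ["policy OK"]:
        print(finding)
```
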

Step 5: Test the API

  1. On the Test tab, select one operation that you configured.

  2. Select Send.

    Screenshot of testing the API successfully in the portal.

    A successful response returns user data from the GitHub API.
