Microsoft.ApiManagement service/authorizationServers

Bicep resource definition

The service/authorizationServers resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ApiManagement/service/authorizationServers resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.ApiManagement/service/authorizationServers@2022-04-01-preview' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    authorizationEndpoint: 'string'
    authorizationMethods: [
      'string'
    ]
    bearerTokenSendingMethods: [
      'string'
    ]
    clientAuthenticationMethod: [
      'string'
    ]
    clientId: 'string'
    clientRegistrationEndpoint: 'string'
    clientSecret: 'string'
    defaultScope: 'string'
    description: 'string'
    displayName: 'string'
    grantTypes: [
      'string'
    ]
    resourceOwnerPassword: 'string'
    resourceOwnerUsername: 'string'
    supportState: bool
    tokenBodyParameters: [
      {
        name: 'string'
        value: 'string'
      }
    ]
    tokenEndpoint: 'string'
    useInApiDocumentation: bool
    useInTestConsole: bool
  }
}

Property values

service/authorizationServers

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)

Character limit: 1-80

Valid characters:
Alphanumerics and hyphens.

Start with letter and end with alphanumeric.
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: service
properties Properties of the External OAuth authorization server Contract. AuthorizationServerContractProperties

AuthorizationServerContractProperties

Name Description Value
authorizationEndpoint OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2. string (required)
authorizationMethods HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. String array containing any of:
'DELETE'
'GET'
'HEAD'
'OPTIONS'
'PATCH'
'POST'
'PUT'
'TRACE'
bearerTokenSendingMethods Specifies the mechanism by which access token is passed to the API. String array containing any of:
'authorizationHeader'
'query'
clientAuthenticationMethod Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. String array containing any of:
'Basic'
'Body'
clientId Client or app id registered with this authorization server. string (required)
clientRegistrationEndpoint Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. string (required)
clientSecret Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. string
defaultScope Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. string
description Description of the authorization server. Can contain HTML formatting tags. string
displayName User-friendly authorization server name. string (required)
grantTypes Form of an authorization grant, which the client uses to request the access token. String array containing any of:
'authorizationCode'
'clientCredentials'
'implicit'
'resourceOwnerPassword' (required)
resourceOwnerPassword Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. string
resourceOwnerUsername Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. string
supportState If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. bool
tokenBodyParameters Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. TokenBodyParameterContract[]
tokenEndpoint OAuth token endpoint. Contains absolute URI to entity being referenced. string
useInApiDocumentation If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided. bool
useInTestConsole If true, the authorization server may be used in the developer portal test console. True by default if no value is provided. bool

TokenBodyParameterContract

Name Description Value
name body parameter name. string (required)
value body parameter value. string (required)

ARM template resource definition

The service/authorizationServers resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ApiManagement/service/authorizationServers resource, add the following JSON to your template.

{
  "type": "Microsoft.ApiManagement/service/authorizationServers",
  "apiVersion": "2022-04-01-preview",
  "name": "string",
  "properties": {
    "authorizationEndpoint": "string",
    "authorizationMethods": [ "string" ],
    "bearerTokenSendingMethods": [ "string" ],
    "clientAuthenticationMethod": [ "string" ],
    "clientId": "string",
    "clientRegistrationEndpoint": "string",
    "clientSecret": "string",
    "defaultScope": "string",
    "description": "string",
    "displayName": "string",
    "grantTypes": [ "string" ],
    "resourceOwnerPassword": "string",
    "resourceOwnerUsername": "string",
    "supportState": "bool",
    "tokenBodyParameters": [
      {
        "name": "string",
        "value": "string"
      }
    ],
    "tokenEndpoint": "string",
    "useInApiDocumentation": "bool",
    "useInTestConsole": "bool"
  }
}

Property values

service/authorizationServers

Name Description Value
type The resource type 'Microsoft.ApiManagement/service/authorizationServers'
apiVersion The resource api version '2022-04-01-preview'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)

Character limit: 1-80

Valid characters:
Alphanumerics and hyphens.

Start with letter and end with alphanumeric.
properties Properties of the External OAuth authorization server Contract. AuthorizationServerContractProperties

AuthorizationServerContractProperties

Name Description Value
authorizationEndpoint OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2. string (required)
authorizationMethods HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. String array containing any of:
'DELETE'
'GET'
'HEAD'
'OPTIONS'
'PATCH'
'POST'
'PUT'
'TRACE'
bearerTokenSendingMethods Specifies the mechanism by which access token is passed to the API. String array containing any of:
'authorizationHeader'
'query'
clientAuthenticationMethod Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. String array containing any of:
'Basic'
'Body'
clientId Client or app id registered with this authorization server. string (required)
clientRegistrationEndpoint Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. string (required)
clientSecret Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. string
defaultScope Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. string
description Description of the authorization server. Can contain HTML formatting tags. string
displayName User-friendly authorization server name. string (required)
grantTypes Form of an authorization grant, which the client uses to request the access token. String array containing any of:
'authorizationCode'
'clientCredentials'
'implicit'
'resourceOwnerPassword' (required)
resourceOwnerPassword Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. string
resourceOwnerUsername Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. string
supportState If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. bool
tokenBodyParameters Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. TokenBodyParameterContract[]
tokenEndpoint OAuth token endpoint. Contains absolute URI to entity being referenced. string
useInApiDocumentation If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided. bool
useInTestConsole If true, the authorization server may be used in the developer portal test console. True by default if no value is provided. bool

TokenBodyParameterContract

Name Description Value
name body parameter name. string (required)
value body parameter value. string (required)

Terraform (AzAPI provider) resource definition

The service/authorizationServers resource type can be deployed to:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ApiManagement/service/authorizationServers resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ApiManagement/service/authorizationServers@2022-04-01-preview"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      authorizationEndpoint = "string"
      authorizationMethods = [
        "string"
      ]
      bearerTokenSendingMethods = [
        "string"
      ]
      clientAuthenticationMethod = [
        "string"
      ]
      clientId = "string"
      clientRegistrationEndpoint = "string"
      clientSecret = "string"
      defaultScope = "string"
      description = "string"
      displayName = "string"
      grantTypes = [
        "string"
      ]
      resourceOwnerPassword = "string"
      resourceOwnerUsername = "string"
      supportState = bool
      tokenBodyParameters = [
        {
          name = "string"
          value = "string"
        }
      ]
      tokenEndpoint = "string"
      useInApiDocumentation = bool
      useInTestConsole = bool
    }
  })
}

Property values

service/authorizationServers

Name Description Value
type The resource type "Microsoft.ApiManagement/service/authorizationServers@2022-04-01-preview"
name The resource name string (required)

Character limit: 1-80

Valid characters:
Alphanumerics and hyphens.

Start with letter and end with alphanumeric.
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: service
properties Properties of the External OAuth authorization server Contract. AuthorizationServerContractProperties

AuthorizationServerContractProperties

Name Description Value
authorizationEndpoint OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2. string (required)
authorizationMethods HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. String array containing any of:
"DELETE"
"GET"
"HEAD"
"OPTIONS"
"PATCH"
"POST"
"PUT"
"TRACE"
bearerTokenSendingMethods Specifies the mechanism by which access token is passed to the API. String array containing any of:
"authorizationHeader"
"query"
clientAuthenticationMethod Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. String array containing any of:
"Basic"
"Body"
clientId Client or app id registered with this authorization server. string (required)
clientRegistrationEndpoint Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. string (required)
clientSecret Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. string
defaultScope Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. string
description Description of the authorization server. Can contain HTML formatting tags. string
displayName User-friendly authorization server name. string (required)
grantTypes Form of an authorization grant, which the client uses to request the access token. String array containing any of:
"authorizationCode"
"clientCredentials"
"implicit"
"resourceOwnerPassword" (required)
resourceOwnerPassword Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. string
resourceOwnerUsername Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. string
supportState If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. bool
tokenBodyParameters Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. TokenBodyParameterContract[]
tokenEndpoint OAuth token endpoint. Contains absolute URI to entity being referenced. string
useInApiDocumentation If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided. bool
useInTestConsole If true, the authorization server may be used in the developer portal test console. True by default if no value is provided. bool

TokenBodyParameterContract

Name Description Value
name body parameter name. string (required)
value body parameter value. string (required)