Protect an API in Azure API Management using OAuth - Step-by-Step Tutorial

preview_player
Показать описание
This comprehensive step-by-step tutorial demonstrates how to protect your APIs in Azure API Management using OAuth. OAuth is an open standard for authorization that enables secure access to your APIs without sharing user credentials. By integrating OAuth with Azure API Management, you can ensure that your API is accessible only to authorized users and applications.

📌 Timestamps:
00:00 - Introduction and Context
01:14 - OAuth Flow and Demo outline
01:51 - Demo

Come and say Hi!

Don't forget to like, share, and subscribe to stay up to date with the latest Azure and .NET tutorials!

#AzureAPIManagement #OAuth #APIsecurity
  1. Sri Gunnala - Tech Talks
  2. AzureAPIManagement
  3. OAuth
  4. APIsecurity
  5. AzureActiveDirectory
  6. OAuth2
Рекомендации по теме
Protect APIs in 0:30:55

Protect APIs in API Management using Azure Active Directory

Protect an API 0:09:13

Protect an API in Azure API Management using OAuth - Step-by-Step Tutorial

Securing Your Web 0:11:39

Securing Your Web API with Azure AD B2C JWT Validation Policy: A Step-by-Step Guide | Azure | LSC

API Management | 0:11:10

API Management | Protect Your Backend API with Azure AD using APIM

Protect APIs with 2:01:11

Protect APIs with Azure API Management and Azure AD

API Authentication with 0:26:35

API Authentication with OAuth using Azure AD

How to get 0:04:09

How to get started with Azure API Management | Azure Tips and Tricks

Secure your APIs 0:29:40

Secure your APIs with Azure Application Gateway and Azure API Management

Develop solutions with 0:56:15

Develop solutions with Azure AI Document Intelligence

Secure your API 1:12:41

Secure your API program with Azure API Management

E14 Using 0:22:15

E14 Using API Management to protect Azure Functions

Secure your API 0:47:25

Secure your API program with Azure API Management

OAuth 2.0 in 0:11:00

OAuth 2.0 in Azure API management

Secure Serverless APIs 0:13:52

Secure Serverless APIs with Python FastAPI, Azure AD and Azure Functions

Secure ASP.NET Web 0:29:40

Secure ASP.NET Web API with Microsoft Entra ID or Azure MSAL

Azure Static Web 0:29:56

Azure Static Web App with a protected API

How to protect 0:13:48

How to protect Azure function app by AAD

Secure APIM with 0:25:03

Secure APIM with Application Gateway | Azure App Gateway | App Gateway

Azure Security best 0:05:46

Azure Security best practices | Azure Tips and Tricks

How to secure 0:09:11

How to secure your C# API w/ Azure Static Web Apps [13 of 22] | Azure Tips and Tricks

Secure Mule API 0:14:22

Secure Mule API with JSON Web Token (JWT) using Azure Active Directory

Azure API Management 0:06:56

Azure API Management in 7 minutes (from provisioning to API deployment) - tutorial for beginners

Azure API Management 0:13:41

Azure API Management B2B Security

Azure AD Authentication 0:09:10

Azure AD Authentication Secured API | Test Using Postman

Комментарии
Автор

Perfect! Loved the fact this this has clear explanation of what is being registered in AD and why. Thanks! helped me in setting up APIM.

merovingian
Автор

This was quick but good. I have used Oauth plenty as a developer, but have never setup it up with Azure.

KrisMeister
Автор

Great video. Thanks for spending time to put it together.

satyakarri
Автор

short and sweet demo with precise steps. Thank you :)

dheeraj
Автор

Sweet and short! It helped me resolved my task!!

stergiazotali
Автор

Is there a way to use another identity provider such as Okta or Auth0 and perform OIDC flow?

samithafernando
Автор

Thank you very much for your video, but I had a question: If I have more than one customer wanting to use my api, do I always need to create a new app for them to access? If so, how do I dynamically add a new scope in APIM policies?

renanpinheiro
Автор

Hi Sri, Can we apply SharePoint permissions to the azure app and authenticate the SharePoint api?

kotisadhu
Автор

I am unable to add my APIs which one is hosted on AKS, how can I add

lfesozl
Автор

Great video! I want to secure powerautomate when a http request is recieved flow through api management could you please do a video on this as its not available in the entire internet.

gbvivol
Автор

I am getting security recommendation as API endpoints in azure api management should be authenticated. I have openai as backend & I dont want to use Azure AD. How should I resolve this issue using other self service setup other than Azure AD. Can you please guide me on this?

adityakalburgi
Автор

Given that I know the url to the backend function, what stops me from calling it directly?

mediocre.climber
Автор

Hi @Sri Gunnala, thanks for the video. I have one doubt. If we can authentication in function app itself, then why do we need to configure Api management service?

qchbude
Автор

@Sri Gunnala- Hi Sri Gunnala, I am able to generate the access token by configuring this and also added the jwt-validation policy in inbound request of the api to protect it. The problem is even though I have added the aut token as bearer, it shows invalid auth token error. Do I need to make any configuration related settings in apim itself for open-id connect

amiitdas
Автор

Interesting.. is it possible to protect only few endpoints which path starts with some prefix? for example
lets say /public/* are unprotected and /protected/api/* are all protected

dhanasekarapandiansrinivas
Автор

I don't want to supply client secret in client scripts ... we have thousands of devices call APIs through APIM. I don't want share client secret in devices

ashokm