Protect an API in Azure API Management using OAuth - Step-by-Step Tutorial

Поделиться
HTML-код
  • Опубликовано: 16 янв 2025

Комментарии • 39

  • @CyberJuke5
    @CyberJuke5 Месяц назад +1

    I've never leaned how this works in practice, kudos for this nice vid!

  • @kendeanon3171
    @kendeanon3171 Месяц назад +1

    Thank you it helped with my project!

  • @KrisMeister
    @KrisMeister Год назад +1

    This was quick but good. I have used Oauth plenty as a developer, but have never setup it up with Azure.

  • @DacarSoft
    @DacarSoft Год назад +1

    Thanks, great video

  • @stergiazotali2282
    @stergiazotali2282 Год назад +1

    Sweet and short! It helped me resolved my task!!

  • @bekkur81
    @bekkur81 4 месяца назад +1

    Simply amazing! You have helped so much on a tight deadline!

    • @srigunnala
      @srigunnala  4 месяца назад +1

      I am glad it helped you!

  • @merovingian8853
    @merovingian8853 Год назад +1

    Perfect! Loved the fact this this has clear explanation of what is being registered in AD and why. Thanks! helped me in setting up APIM.

    • @srigunnala
      @srigunnala  Год назад +1

      I am glad you found it helpful! Cheers, Sri!

  • @dheeraj0076
    @dheeraj0076 Год назад +2

    short and sweet demo with precise steps. Thank you :)

    • @srigunnala
      @srigunnala  Год назад

      I am gland you liked it. Thanks, Sri!

  • @phenomenal325
    @phenomenal325 2 месяца назад

    Can't you bypass a pim if you get the function app URL, what's protecting it at that level?

  • @bartleyrob
    @bartleyrob Год назад +2

    very to the point thanks !

  • @mannyb4265
    @mannyb4265 8 месяцев назад +2

    Very good guide. Thank you.

  • @smellbow
    @smellbow 4 месяца назад +1

    Great video, really helped me understand the process and setup a simple demo api with oauth i can build upon.

  • @satyakarri9277
    @satyakarri9277 10 месяцев назад

    Great video. Thanks for spending time to put it together.

  • @Ashok_mukkara
    @Ashok_mukkara Год назад +1

    I don't want to supply client secret in client scripts ... we have thousands of devices call APIs through APIM. I don't want share client secret in devices

  • @amiitdas
    @amiitdas Год назад

    @Sri Gunnala- Hi Sri Gunnala, I am able to generate the access token by configuring this and also added the jwt-validation policy in inbound request of the api to protect it. The problem is even though I have added the aut token as bearer, it shows invalid auth token error. Do I need to make any configuration related settings in apim itself for open-id connect

    • @kesavprakash9580
      @kesavprakash9580 Год назад

      same for me got any solution?

    • @sumitsandhir5112
      @sumitsandhir5112 10 месяцев назад

      Hi Please remove api:// from the scope while adding it inside name value section. Then try again, I hope it works.

    • @huskyanimal3888
      @huskyanimal3888 9 месяцев назад

      @@sumitsandhir5112 Still doesn't work for me, any solution else ?

  • @dhanasekarapandiansrinivas4542

    Interesting.. is it possible to protect only few endpoints which path starts with some prefix? for example
    lets say /public/* are unprotected and /protected/api/* are all protected

    • @srigunnala
      @srigunnala  Год назад

      Hello, Thanks for checking my video.
      You can simply separate them by product and apply policies at product-level

    • @cloudbaud7794
      @cloudbaud7794 Месяц назад

      Can products then have hierarchy

  • @atulonweb1
    @atulonweb1 5 месяцев назад +1

    Thanks buddy... but what about refresh token, how that will be generated
    and validated

  • @dotnet8925
    @dotnet8925 5 месяцев назад

    quick and informative

  • @SupreetaPoojary-s4d
    @SupreetaPoojary-s4d Год назад

    Hi @Sri Gunnala, thanks for the video. I have one doubt. If we can authentication in function app itself, then why do we need to configure Api management service?

    • @MarkoVukovic0
      @MarkoVukovic0 Год назад

      This is for authorization, not authentication.

  • @renanpinheiro1688
    @renanpinheiro1688 8 месяцев назад +1

    Thank you very much for your video, but I had a question: If I have more than one customer wanting to use my api, do I always need to create a new app for them to access? If so, how do I dynamically add a new scope in APIM policies?

  • @samithafernando6432
    @samithafernando6432 Год назад +1

    Is there a way to use another identity provider such as Okta or Auth0 and perform OIDC flow?

  • @LaxmideviMule
    @LaxmideviMule Год назад

    Great video! I want to secure powerautomate when a http request is recieved flow through api management could you please do a video on this as its not available in the entire internet.

  • @kotisadhu8410
    @kotisadhu8410 9 месяцев назад

    Hi Sri, Can we apply SharePoint permissions to the azure app and authenticate the SharePoint api?

  • @adityakalburgi1548
    @adityakalburgi1548 Год назад

    I am getting security recommendation as API endpoints in azure api management should be authenticated. I have openai as backend & I dont want to use Azure AD. How should I resolve this issue using other self service setup other than Azure AD. Can you please guide me on this?

  • @ianwanjala8621
    @ianwanjala8621 11 месяцев назад

    how does this work in the dev portal?

  • @mediocre.climber
    @mediocre.climber Год назад

    Given that I know the url to the backend function, what stops me from calling it directly?