Azure API Management: Oauth2 with backend API


Problem description

I have a backend API I want to proxy by using Azure API Management. This backend API requires me to provide a Bearer Oauth2 token. I want to use Azure APIM to handle the Oauth2 flows for me, and I want to expose a very simple API that will be consumed by client apps. I want to avoid having my client app use Oauth2. How can I handle it with APIM? I found a lot of samples demonstrating how to protect a backend API with Oauth2, but it is not the use case I'm trying to implement. Thanks.

Recommended answer

Here is a policy snippet to make this work:

    <!-- Request a token with the client-credentials grant.
         {{authorizationServer}}, {{clientId}}, {{scope}} and {{clientSecret}} are APIM named values. -->
    <send-request ignore-error="true" timeout="20" response-variable-name="bearerToken" mode="new">
        <set-url>{{authorizationServer}}</set-url>
        <set-method>POST</set-method>
        <set-header name="Content-Type" exists-action="override">
            <value>application/x-www-form-urlencoded</value>
        </set-header>
        <set-body>
            @{
                return "client_id={{clientId}}&resource={{scope}}&client_secret={{clientSecret}}&grant_type=client_credentials";
            }
        </set-body>
    </send-request>

    <!-- Forward the access token from the token response to the backend as a Bearer credential -->
    <set-header name="Authorization" exists-action="override">
        <value>@("Bearer " + (String)((IResponse)context.Variables["bearerToken"]).Body.As<JObject>()["access_token"])</value>
    </set-header>

    <!-- We do not want to expose our APIM subscription key to the backend API -->
    <set-header exists-action="delete" name="Ocp-Apim-Subscription-Key"/>

And on the APIM policy snippets branch from the APIM team https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Get%20OAuth2%20access%20token%20from%20AAD%20and%20forward%20it%20to%20the%20backend.policy.xml
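
The snippet above requests a new token on every call and, because of `ignore-error="true"`, fails inside the header expression when the token request itself fails. The following inbound policy is an added example (not part of the original answer or of the APIM team's repository) that caches the token and rejects the call cleanly when no token can be obtained. The cache key `backend-token`, the variable names, the 502 response and the presence of `expires_in` in the token response are assumptions.

```xml
<!-- Added example: cache the client-credentials token and fail closed on token errors. -->
<inbound>
    <base />
    <!-- "backend-token" is a hypothetical cache key; the token belongs to APIM, not to a caller -->
    <cache-lookup-value key="backend-token" variable-name="accessToken" />
    <choose>
        <when condition="@(!context.Variables.ContainsKey("accessToken"))">
            <send-request ignore-error="true" timeout="20" response-variable-name="tokenResponse" mode="new">
                <set-url>{{authorizationServer}}</set-url>
                <set-method>POST</set-method>
                <set-header name="Content-Type" exists-action="override">
                    <value>application/x-www-form-urlencoded</value>
                </set-header>
                <set-body>@{
                    return "client_id={{clientId}}&resource={{scope}}&client_secret={{clientSecret}}&grant_type=client_credentials";
                }</set-body>
            </send-request>
            <choose>
                <!-- With ignore-error="true" the variable is null on timeout or connection failure -->
                <when condition="@(context.Variables.GetValueOrDefault<IResponse>("tokenResponse") == null || context.Variables.GetValueOrDefault<IResponse>("tokenResponse").StatusCode != 200)">
                    <!-- Do not relay the authorization server's error body to the client -->
                    <return-response>
                        <set-status code="502" reason="Bad Gateway" />
                    </return-response>
                </when>
            </choose>
            <!-- The response body can be read only once, so parse it into a variable -->
            <set-variable name="tokenJson" value="@(((IResponse)context.Variables["tokenResponse"]).Body.As<JObject>())" />
            <set-variable name="accessToken" value="@((string)((JObject)context.Variables["tokenJson"])["access_token"])" />
            <!-- Cache for 60 seconds less than the reported lifetime (assumes expires_in is returned) -->
            <cache-store-value key="backend-token" value="@((string)context.Variables["accessToken"])" duration="@(Math.Max(60, (int)((JObject)context.Variables["tokenJson"])["expires_in"] - 60))" />
        </when>
    </choose>
    <set-header name="Authorization" exists-action="override">
        <value>@("Bearer " + (string)context.Variables["accessToken"])</value>
    </set-header>
    <!-- Keep the APIM subscription key away from the backend -->
    <set-header name="Ocp-Apim-Subscription-Key" exists-action="delete" />
</inbound>
```

Store `{{clientSecret}}` as a secret named value so it is not shown in the policy editor.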
