Protect your WEB API in Azure by using Oauth 2.0 Authorization with Azure AD

Captions
So hello, you guys. In my last video we were talking about OAuth 2 and how to configure OAuth 2, and a couple of issues that I had configuring OAuth 2. Well, in this video we fix all those issues and we configure everything, and we test this on the developer portal on Azure, and we test this on Postman too, on Azure. Watch the video and see how the steps are. I'm going to try to put a PDF file with all the steps, a PDF file that I built with all the steps that you need to configure the AD applications in Azure and this OAuth 2 server in the API Management in Azure, and all the testing. You can watch the video; maybe there are a couple of different steps in the PDF file, because I didn't do it in order while I was recording the video, but it's going to be almost the same. So thank you.

So hello, you guys. Let's protect our API with OAuth 2 authentication and Azure AD, or Azure Active Directory, in API Management. This is not going to require any code on your API; this is going to be using the policies on the API, and we're going to test that on Postman and we're going to test that on the Azure developer portal. We're going to use the API that's already created in our Azure, in the API Management services, so the API that we're going to use is the Echo API. So if you create an Azure free account, you will be able to do the same stuff that I'm doing here following these steps. There's a couple of stuff that I already did, I'm not going to lie, I already tested this to make it function; I just want to show you how it works and how to do it, because I had to grab information from different places, even ask Microsoft itself how they do this stuff, and there's a couple of questions that Microsoft didn't answer. So I want to show you how I do it and how it's working right now. If you saw my last video, you're going to say that there's a bunch of stuff that is failing; I fixed all those issues and I'm going to put a link on the video, somewhere in this video.

So let's start this. I'm going to kind of follow these instructions and I'm going to add a couple of stuff that I have in my notes, that I already built. So let's go. The first step is to go to Azure Active Directory; we're going to follow these steps. Again, here's the link, take a look at the link, I'm going to put this over the top just to follow these exact instructions. So let's go to Azure Active Directory. I'm sorry for my English, it's not so good, but let's do it, let's try to understand this. So I already have the two apps; I'm going to create two more. So let's start with the first app. The steps that Microsoft gives you are telling you to create a new app and use a name; we're going to use another name like, let's use "public test OAuth 2 backend". We're going to use this option, "Accounts in this organizational directory only", and we're going to click on the option Web, and we're going to leave the redirect URI empty, and we're going to click on Register. The step four, I'm sorry, the step five says go to the Application ID and create an Application ID URI, so we're going to go here to redirect URIs, or you can go to API permissions, Expose an API, but if you click here it's going to take you right away. I'm sorry, it wasn't this one. In this "Add an Application ID URI" we're going to set a URI, we're going to save it, and we're going to save it in these notes as "back-end client ID URL". Let's save it here. I'm working on Mac, but this stuff works on Windows too, so it's the same procedure, it doesn't matter. Okay, it's not pasting everything; let's go back, copy to clipboard, and paste. Now it works. So the second step that I have, let me take a look here. So now we're going to add a scope, and the scope, with that we're going to have this "user read". We're going to leave only... and you need to add, I'm going to add almost the same. I'm sorry for the typo, just "read". We add this scope and we're going to make a note about this scope; copy the scope, okay, paste.

Once we have that, we're going to create another application, which is going to be the front end. So we're going to go back; let's try to use the same naming convention. Let's go back, Default Directory, New registration, but this time we're going to name it "client". We're going to use the same option, the first option, Web, and we're going to leave the redirect URL empty. After that we're going to go and we're going to create an Application ID URI and we're going to save it. Then we're going to go to Certificates & secrets and we're going to create a new client secret. If you want to leave the description blank, you can do it. Take this advice: copy the value of the client secret at once, because it's going to mask the value, so you're not going to be able to read it. So "client secret", and we paste this in there. Then we're going to grant permissions to the back-end API to the front-end API, so we're going to go to API permissions and we're going to add permissions, we're going to click on My APIs and we're going to select our back-end API, and we're going to select the "user read" scope that we chose, we're going to click on Add, and then after that we're going to grant consent for the Default Directory. Based on the steps that we have in the documentation on Microsoft, the servers are ready, so we're going to go and we're going to create a new server in our API Management services. So we're going to go here to OAuth 2.0 + OpenID Connect, I'm going to click on Add, and we're going to put a name, "public OAuth 2 test server"; we can name it that way. Description, you can leave the description empty. Client registration, this is when you use another OAuth 2 service; we're not going to use that, we're going to use our internal services, so you just use a placeholder like localhost. Be aware to use https, because if you don't use https it's going to throw an error.

Then we need the authorization endpoint URL and the token endpoint URL. We're going to grab that from our client application; we're going to go to Overview, Endpoints, and we're going to copy the version 2, guys, copy the version 2 only, and paste it in the authorization endpoint URL. Then we're going to grab the OAuth 2.0 token endpoint, we're going to copy that and we're going to paste that in the token endpoint, and we're going to select the POST method to do the authorization. We're going to go down and we're going to copy the default scope; it's that link that we have in our notepad, and we're going to paste it in the default scope. We're going to grab the client credentials and we're going to use the client ID that we have for our client application, or our front-end application, and we're going to paste it in the client ID, and we're going to use the client secret. We're going to leave resource owner username and resource owner password empty; we don't need to do that. And we're going to click on Create. Ah, one more thing, and this is an important step that you need to do, and this is one of the issues that I had before: if you copy the redirect URI and you paste it in the redirect URI in the client application, it's going to fail, for some reason that is failing. So use the redirect URI for the developer portal, that's the one that is working: copy the first value, authorization code grant flow, we're going to paste that in our blog... no, not blog, in our notepad, sorry. And we're going to click Create. Then after that we're going to go back to our applications, and in the redirect URL we're going to click on Add a platform, Web, and we're going to paste our URL that we just copied from the server. We're going to click Configure, and we're going to go to the manifest and we're going to change this value, accessTokenAcceptedVersion, and we're going to put the number 2. It's going to use the version 2. Why is it using the version 2? I'm going to show you right away: it's because if we go here to Overview, Endpoints, you're going to see we're using the OAuth 2.0 authorization endpoint v2. That's the reason why.

After we finish this we're going to go back again to App registrations, I'm sorry, I went too far, App registrations, and we're going to go to our back-end application. In the back-end application we're going to go to Expose an API. This is a step that is not in the documentation, so we need to do this: we're going to add the client ID of our front-end application. So how do we do that? We need to find the client ID of the front application, so let's go back again, let's copy the value, this is the client ID, and actually let's paste the client ID here, we have the value there. Okay, let's go to the back-end application, Expose an API, Add a client application, we're going to paste the client ID of the front application, see, it is different, this one and this one, and we're going to authorize this scope from the back-end application and we're going to click Add. This is an important step to do in our back-end application. We're going to go to the manifest too and we're going to change the accessTokenAcceptedVersion to the number 2, which is version 2. I already explained why that is. We're going to click Save. Notice that the back-end application doesn't have a redirect URI; that's going to stay that way, we're not going to create a platform for that, that's going to be the back-end application.

Okay, now that we have both applications already created, the client and the back-end application on the Azure AD, and we have the server created on our OAuth 2 API Management servers, and you can see the application that we're going to use is "public OAuth 2 test server", now we're going to configure the API to handle this authorization flow. So we're going to go to APIs, we're going to select the API that we're going to use, in this case we're going to use the Echo API, and we're going to go to Settings. In Settings we're going to scroll down till we find the Security option and we're going to choose OAuth 2.0. You're going to see a drop-down list, and in the drop-down list you're going to select the server that you want to use; in this case it's "public OAuth 2 test server". If you want, you can leave the subscription key checked; I'm going to do it. So let's click Save, and it's already configured. So we're going to go to the Azure developer portal and we're going to go to APIs. Remember to go to the Azure developer portal, it's your-instance.portal.azure-api.net. We're going to click on Echo API and we're going to "Retrieve resource", we're going to click here, then we're going to click on "Try it". We're going to paste our subscription key, copy and paste it; you can see the subscription key going to Subscriptions, and inside the subscriptions you're going to grab the subscription that works for you, I grabbed the unlimited one. After you do that, in the drop-down list in Authorization you see the server that we created in there; you're going to select "authorization code", and in the authorization code it's going to tell you when it's going to expire the token, and it's going to create the token for you. Let's do a test without the authorization code: no authorization code, let's run it. It said that the header value is required. So let's choose authorization code again, let's click Send, and we have a response.

The thing with this response is, it's working on the Azure developer portal, but if we go and copy this value into Postman, let's create a new window in Postman, let's go to the headers, because we need a subscription key. Actually, I'm going to copy, I'm not going to type the value that we need for the subscription key, just going to put here the key header, let's just directly "subscription key"; I'm just going to edit this value so you don't see it and you don't have access to this. Actually, I'm going to delete all these servers after we finish this, for security reasons, but I pasted the value in there. Let's click Send, and you see we have response 200 from the server without using OAuth 2. And the reason is we need to create a policy, and we don't need to create a policy in our code application, in our .NET Core application or the application that you're doing; we can create a policy here in our API, and I'm going to show you right away. So we're going to go to APIs, we're going to select our Echo API, and I'm going to create that policy in the inbound policy for all the methods that we have in here. So let's go, let's add an inbound processing policy, let's click here on the code editor, and I already have typed this XML value and we're going to paste it here in the inbound property. There's a couple of stuff that we need to change, and you see here in my notes I put "client ID" and "client ID" again. So we're going to find the client ID; I have this in my notes, and you can find the client ID. We're going to go back to this tab where Azure AD is, and we're going to copy this Directory (tenant) ID, that's the value that you're going to need. So we're going to go back to the API again and we're going to paste that value in this part of the XML tag. So we pasted them both and we click Save. Once we click Save, the policy is going to be created for all operations, and you're going to see it in a friendly way: if you click here on the pencil you're going to see all the values that we put, this header Authorization, the error, the message, and the issuer and the OpenID that we use, all those values running there. We're going to close this and we're going to test again our API in the Azure portal: just click Send, and there you go. If we're going to test another one, let's test another resource, let's paste the subscription key, authorization code, it's going to grab the authorization code, let's click Send, and we have a response.

Now we're going to go back to Postman, let's test in Postman one more time; we don't have any authorization value, so we're going to click Send, and the return is going to be a 401 Unauthorized error. So now we're going to set up the authorization. We already have a bearer token, so we're going to use the bearer token that we have here; remember this bearer token, yeah, it's going to expire, so let's use it right away. Let's paste it, let's paste everything, let's copy and paste that, let's go back, and I already have one here but we're going to paste that here and let's send that again. Okay, let's send that again, and we have a response. Remember the word "Bearer" that is before the token, because Postman is going to paste it again. But there you go, guys, I hope this information worked for you. I'm sorry I didn't show any token or code or ID that I have in there, but the description is already there, and if you have some questions just leave me comments, but the steps I think are very clear. So thank you, see you next time.
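The inbound policy the video pastes into the Echo API is not shown on the page; the following is an added reconstruction of an API Management `validate-jwt` policy for that setup, not the author's own XML. It assumes Azure AD v2.0 endpoints (matching `accessTokenAcceptedVersion` = 2), the `Authorization` header as the token carrier, the `read` scope from the video, and uses `{tenant-id}` and `{backend-client-id}` as placeholders for the Directory (tenant) ID and the back-end app registration's client ID.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject any request whose Authorization header lacks a valid Azure AD access token.
             Without this policy a request carrying only the subscription key gets a 200, as
             the Postman test in the video shows; with it, a missing/invalid token returns 401. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
            <!-- {tenant-id} placeholder: the Directory (tenant) ID copied from Azure AD.
                 The v2.0 metadata document supplies the signing keys, so no keys are pasted here. -->
            <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
            <!-- For v2.0 tokens the aud claim is the back-end app's client ID (GUID), not its App ID URI.
                 {backend-client-id} placeholder: the client ID of the "backend" app registration. -->
            <audiences>
                <audience>{backend-client-id}</audience>
            </audiences>
            <!-- Issuer must be the v2.0 issuer, which is why both app manifests set accessTokenAcceptedVersion to 2 -->
            <issuers>
                <issuer>https://login.microsoftonline.com/{tenant-id}/v2.0</issuer>
            </issuers>
            <!-- Assumed scope check: the token must carry the "read" scope exposed by the back-end app.
                 scp is space-separated in v2.0 tokens, hence the separator. -->
            <required-claims>
                <claim name="scp" match="any" separator=" ">
                    <value>read</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Applied at the "All operations" scope of the Echo API, this is what turns the Postman request without a bearer token into the 401 seen at the end of the video, while the developer portal's authorization code flow (which obtains a token for the back-end app's scope) still gets a 200.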
Info
Channel: Tech Dev Sleep
Views: 1,956
Keywords: Azure AD, Azure API Management, OAuth2 Azure, OAuth 2.0, Oauth 2.0 Azure, Azure, Oauth, Oauth2
Id: iw8Qba90VbU
Length: 22min 13sec (1333 seconds)
Published: Mon Apr 05 2021