Azure API Management Authorization Server
This page shows how to write Terraform and Azure Resource Manager for API Management Authorization Server and write them securely.
azurerm_api_management_authorization_server (Terraform)
The Authorization Server in API Management can be configured in Terraform with the resource name azurerm_api_management_authorization_server
. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_api_management_authorization_server" "authorization_server" {
count = length(var.authorization_server)
api_management_name = element(var.api_management_name, lookup(var.authorization_server[count.index], "api_management_id"))
authorization_endpoint = lookup(var.authorization_server, "authorization_endpoint")
authorization_methods = lookup(var.authorization_server, "authorization_methods")
client_id = lookup(var.authorization_server, "client_id")
resource "azurerm_api_management_authorization_server" "this" {
api_management_name = var.api_management_name
authorization_endpoint = var.authorization_endpoint
authorization_methods = var.authorization_methods
bearer_token_sending_methods = var.bearer_token_sending_methods
client_authentication_method = var.client_authentication_method
resource "azurerm_api_management_authorization_server" "this" {
api_management_name = var.api_management_name
authorization_endpoint = var.authorization_endpoint
authorization_methods = var.authorization_methods
bearer_token_sending_methods = var.bearer_token_sending_methods
client_authentication_method = var.client_authentication_method
resource "azurerm_api_management_authorization_server" "apim" {
name = var.apim_authorization_server_name
api_management_name = azurerm_api_management.apim.name
authorization_methods = var.apim_authorization_server_methods
resource_group_name = data.azurerm_resource_group.base.name
display_name = var.apim_authorization_server_display_name
Parameters
-
api_management_name
required - string -
authorization_endpoint
required - string -
authorization_methods
required - set of string -
bearer_token_sending_methods
optional - set of string -
client_authentication_method
optional - set of string -
client_id
required - string -
client_registration_endpoint
required - string -
client_secret
optional - string -
default_scope
optional - string -
description
optional - string -
display_name
required - string -
grant_types
required - set of string -
id
optional computed - string -
name
required - string -
resource_group_name
required - string -
resource_owner_password
optional - string -
resource_owner_username
optional - string -
support_state
optional - bool -
token_endpoint
optional - string -
timeouts
single block -
token_body_parameter
list block
Explanation in Terraform Registry
Manages an Authorization Server within an API Management Service.
Microsoft.ApiManagement/service/authorizationServers (Azure Resource Manager)
The service/authorizationServers in Microsoft.ApiManagement can be configured in Azure Resource Manager with the resource name Microsoft.ApiManagement/service/authorizationServers
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
apiVersion
required - stringname
required - stringIdentifier of the authorization server.
properties
requiredauthorizationEndpoint
required - stringOAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
authorizationMethods
optional - arrayHTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
bearerTokenSendingMethods
optional - arraySpecifies the mechanism by which access token is passed to the API.
clientAuthenticationMethod
optional - arrayMethod of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
clientId
required - stringClient or app id registered with this authorization server.
clientRegistrationEndpoint
required - stringOptional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.
clientSecret
optional - stringClient or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.
defaultScope
optional - stringAccess token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.
description
optional - stringDescription of the authorization server. Can contain HTML formatting tags.
displayName
required - stringUser-friendly authorization server name.
grantTypes
required - arrayForm of an authorization grant, which the client uses to request the access token.
resourceOwnerPassword
optional - stringCan be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.
resourceOwnerUsername
optional - stringCan be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.
supportState
optional - booleanIf true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.
tokenBodyParameters
optional arrayname
required - stringbody parameter name.
value
required - stringbody parameter value.
tokenEndpoint
optional - stringOAuth token endpoint. Contains absolute URI to entity being referenced.
type
required - string
Frequently asked questions
What is Azure API Management Authorization Server?
Azure API Management Authorization Server is a resource for API Management of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure API Management Authorization Server?
For Terraform, the mikamakusa/terraform, kevinhead/azurerm and niveklabs/azurerm source code examples are useful. See the Terraform Example section for further details.