Top / Microsoft Azure / Azure API Management / Authorization Server

Azure API Management Authorization Server

This page shows how to write Terraform and Azure Resource Manager for API Management Authorization Server and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_api_management_authorization_server (Terraform)

The Authorization Server in API Management can be configured in Terraform with the resource name azurerm_api_management_authorization_server. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L1
resource "azurerm_api_management_authorization_server" "authorization_server" {
  count                        = length(var.authorization_server)
  api_management_name          = element(var.api_management_name, lookup(var.authorization_server[count.index], "api_management_id"))
  authorization_endpoint       = lookup(var.authorization_server, "authorization_endpoint")
  authorization_methods        = lookup(var.authorization_server, "authorization_methods")
  client_id                    = lookup(var.authorization_server, "client_id")
main.tf#L7
resource "azurerm_api_management_authorization_server" "this" {
  api_management_name          = var.api_management_name
  authorization_endpoint       = var.authorization_endpoint
  authorization_methods        = var.authorization_methods
  bearer_token_sending_methods = var.bearer_token_sending_methods
  client_authentication_method = var.client_authentication_method
main.tf#L7
resource "azurerm_api_management_authorization_server" "this" {
  api_management_name          = var.api_management_name
  authorization_endpoint       = var.authorization_endpoint
  authorization_methods        = var.authorization_methods
  bearer_token_sending_methods = var.bearer_token_sending_methods
  client_authentication_method = var.client_authentication_method
main.tf#L131
resource "azurerm_api_management_authorization_server" "apim" {
  name                         = var.apim_authorization_server_name
  api_management_name          = azurerm_api_management.apim.name
  authorization_methods        = var.apim_authorization_server_methods
  resource_group_name          = data.azurerm_resource_group.base.name
  display_name                 = var.apim_authorization_server_display_name

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages an Authorization Server within an API Management Service.

>> from Terraform Registry

Microsoft.ApiManagement/service/authorizationServers (Azure Resource Manager)

The service/authorizationServers in Microsoft.ApiManagement can be configured in Azure Resource Manager with the resource name Microsoft.ApiManagement/service/authorizationServers. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • apiVersion required - string
  • name required - string

    Identifier of the authorization server.

  • properties required
      • authorizationEndpoint required - string

        OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

      • authorizationMethods optional - array

        HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

      • bearerTokenSendingMethods optional - array

        Specifies the mechanism by which access token is passed to the API.

      • clientAuthenticationMethod optional - array

        Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

      • clientId required - string

        Client or app id registered with this authorization server.

      • clientRegistrationEndpoint required - string

        Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

      • clientSecret optional - string

        Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

      • defaultScope optional - string

        Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

      • description optional - string

        Description of the authorization server. Can contain HTML formatting tags.

      • displayName required - string

        User-friendly authorization server name.

      • grantTypes required - array

        Form of an authorization grant, which the client uses to request the access token.

      • resourceOwnerPassword optional - string

        Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

      • resourceOwnerUsername optional - string

        Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

      • supportState optional - boolean

        If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.

      • tokenBodyParameters optional array
          • name required - string

            body parameter name.

          • value required - string

            body parameter value.

      • tokenEndpoint optional - string

        OAuth token endpoint. Contains absolute URI to entity being referenced.

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure API Management Resources

Frequently asked questions

What is Azure API Management Authorization Server?

Azure API Management Authorization Server is a resource for API Management of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure API Management Authorization Server?

For Terraform, the mikamakusa/terraform, kevinhead/azurerm and niveklabs/azurerm source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents