I've never learned how this works in practice, kudos for this nice vid!
This was quick but good. I have used OAuth plenty as a developer, but have never set it up with Azure.
Thank you it helped with my project!
Glad it helped you!!
Short and sweet demo with precise steps. Thank you :)
I am glad you liked it. Thanks, Sri!
Perfect! Loved the fact that this has a clear explanation of what is being registered in AD and why. Thanks! Helped me in setting up APIM.
I am glad you found it helpful! Cheers, Sri!
Sweet and short! It helped me resolve my task!!
Thank you!
Simply amazing! You have helped so much on a tight deadline!
I am glad it helped you!
Can't you bypass APIM if you get the function app URL? What's protecting it at that level?
Great video. Thanks for spending time to put it together.
Great video, really helped me understand the process and set up a simple demo API with OAuth I can build upon.
Very good guide. Thank you.
Thanks, great video
Thank you!
I don't want to supply the client secret in client scripts ... we have thousands of devices calling APIs through APIM. I don't want to share the client secret in devices.
Very to the point, thanks!
Thank you very much for your video, but I had a question: If I have more than one customer wanting to use my API, do I always need to create a new app for them to access? If so, how do I dynamically add a new scope in APIM policies?
@Sri Gunnala - Hi Sri Gunnala, I am able to generate the access token by configuring this and also added the jwt-validation policy in the inbound request of the API to protect it. The problem is even though I have added the auth token as bearer, it shows an invalid auth token error. Do I need to make any configuration-related settings in APIM itself for OpenID Connect?
Same for me, got any solution?
Hi, please remove api:// from the scope while adding it inside the name value section. Then try again, I hope it works.
@sumitsandhir5112 Still doesn't work for me, any other solution?
Is there a way to use another identity provider such as Okta or Auth0 and perform OIDC flow?
Thanks buddy... but what about the refresh token, how will that be generated and validated?
Interesting... Is it possible to protect only a few endpoints whose path starts with some prefix? For example, let's say /public/* are unprotected and /protected/api/* are all protected.
Hello, Thanks for checking my video.
You can simply separate them by product and apply policies at the product level.
Can products then have a hierarchy?
Quick and informative
Hi @Sri Gunnala, thanks for the video. I have one doubt. If we can authenticate in the function app itself, then why do we need to configure the API Management service?
This is for authorization, not authentication.
Great video! I want to secure a Power Automate "When a HTTP request is received" flow through API Management. Could you please do a video on this, as it's not available on the entire internet?
Hi Sri, can we apply SharePoint permissions to the Azure app and authenticate the SharePoint API?
I am getting a security recommendation that API endpoints in Azure API Management should be authenticated. I have OpenAI as the backend and I don't want to use Azure AD. How should I resolve this issue using another self-service setup other than Azure AD? Can you please guide me on this?
Given that I know the url to the backend function, what stops me from calling it directly?
How does this work in the dev portal?