Partilhar via


Authorization Server - Create Or Update

Creates new authorization server or updates an existing authorization server.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/authorizationServers/{authsid}?api-version=2021-08-01

URI Parameters

Name In Required Type Description
authsid
path True

string

Identifier of the authorization server.

Regex pattern: ^[^*#&+:<>?]+$

resourceGroupName
path True

string

The name of the resource group.

serviceName
path True

string

The name of the API Management service.

Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$

subscriptionId
path True

string

Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

api-version
query True

string

Version of the API to be used with the client request.

Request Header

Name Required Type Description
If-Match

string

ETag of the Entity. Not required when creating an entity, but required when updating an entity.

Request Body

Name Required Type Description
properties.authorizationEndpoint True

string

OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

properties.clientId True

string

Client or app id registered with this authorization server.

properties.clientRegistrationEndpoint True

string

Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

properties.displayName True

string

User-friendly authorization server name.

properties.grantTypes True

GrantType[]

Form of an authorization grant, which the client uses to request the access token.

properties.authorizationMethods

AuthorizationMethod[]

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

properties.bearerTokenSendingMethods

BearerTokenSendingMethod[]

Specifies the mechanism by which access token is passed to the API.

properties.clientAuthenticationMethod

ClientAuthenticationMethod[]

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

properties.clientSecret

string

Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

properties.defaultScope

string

Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

properties.description

string

Description of the authorization server. Can contain HTML formatting tags.

properties.resourceOwnerPassword

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

properties.resourceOwnerUsername

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

properties.supportState

boolean

If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.

properties.tokenBodyParameters

TokenBodyParameterContract[]

Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.

properties.tokenEndpoint

string

OAuth token endpoint. Contains absolute URI to entity being referenced.

Responses

Name Type Description
200 OK

AuthorizationServerContract

Authorization server is already registered.

Headers

ETag: string

201 Created

AuthorizationServerContract

Authorization server was successfully registered.

Headers

ETag: string

Other Status Codes

ErrorResponse

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

ApiManagementCreateAuthorizationServer

Sample request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer?api-version=2021-08-01

{
  "properties": {
    "displayName": "test2",
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "clientSecret": "2",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}

Sample response

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
  "type": "Microsoft.ApiManagement/service/authorizationServers",
  "name": "newauthServer",
  "properties": {
    "displayName": "test2",
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}
{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
  "type": "Microsoft.ApiManagement/service/authorizationServers",
  "name": "newauthServer",
  "properties": {
    "displayName": "test2",
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}

Definitions

Name Description
AuthorizationMethod

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

AuthorizationServerContract

External OAuth authorization server settings.

BearerTokenSendingMethod

Specifies the mechanism by which access token is passed to the API.

ClientAuthenticationMethod

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

ErrorFieldContract

Error Field contract.

ErrorResponse

Error Response.

GrantType

Form of an authorization grant, which the client uses to request the access token.

TokenBodyParameterContract

OAuth acquire token request body parameter (www-url-form-encoded).

AuthorizationMethod

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

Name Type Description
DELETE

string

GET

string

HEAD

string

OPTIONS

string

PATCH

string

POST

string

PUT

string

TRACE

string

AuthorizationServerContract

External OAuth authorization server settings.

Name Type Description
id

string

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

name

string

The name of the resource

properties.authorizationEndpoint

string

OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

properties.authorizationMethods

AuthorizationMethod[]

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

properties.bearerTokenSendingMethods

BearerTokenSendingMethod[]

Specifies the mechanism by which access token is passed to the API.

properties.clientAuthenticationMethod

ClientAuthenticationMethod[]

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

properties.clientId

string

Client or app id registered with this authorization server.

properties.clientRegistrationEndpoint

string

Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

properties.clientSecret

string

Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

properties.defaultScope

string

Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

properties.description

string

Description of the authorization server. Can contain HTML formatting tags.

properties.displayName

string

User-friendly authorization server name.

properties.grantTypes

GrantType[]

Form of an authorization grant, which the client uses to request the access token.

properties.resourceOwnerPassword

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

properties.resourceOwnerUsername

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

properties.supportState

boolean

If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.

properties.tokenBodyParameters

TokenBodyParameterContract[]

Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.

properties.tokenEndpoint

string

OAuth token endpoint. Contains absolute URI to entity being referenced.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

BearerTokenSendingMethod

Specifies the mechanism by which access token is passed to the API.

Name Type Description
authorizationHeader

string

query

string

ClientAuthenticationMethod

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

Name Type Description
Basic

string

Basic Client Authentication method.

Body

string

Body based Authentication method.

ErrorFieldContract

Error Field contract.

Name Type Description
code

string

Property level error code.

message

string

Human-readable representation of property-level error.

target

string

Property name.

ErrorResponse

Error Response.

Name Type Description
error.code

string

Service-defined error code. This code serves as a sub-status for the HTTP error code specified in the response.

error.details

ErrorFieldContract[]

The list of invalid fields send in request, in case of validation error.

error.message

string

Human-readable representation of the error.

GrantType

Form of an authorization grant, which the client uses to request the access token.

Name Type Description
authorizationCode

string

Authorization Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.1.

clientCredentials

string

Client Credentials Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.4.

implicit

string

Implicit Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.2.

resourceOwnerPassword

string

Resource Owner Password Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.3.

TokenBodyParameterContract

OAuth acquire token request body parameter (www-url-form-encoded).

Name Type Description
name

string

body parameter name.

value

string

body parameter value.