你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Authorization Server - Create Or Update
Creates new authorization server or updates an existing authorization server.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/authorizationServers/{authsid}?api-version=2024-05-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
authsid
|
path | True |
string |
Identifier of the authorization server. Regex pattern: |
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
service
|
path | True |
string |
The name of the API Management service. Regex pattern: |
subscription
|
path | True |
string uuid |
The ID of the target subscription. The value must be an UUID. |
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Header
Name | Required | Type | Description |
---|---|---|---|
If-Match |
string |
ETag of the Entity. Not required when creating an entity, but required when updating an entity. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.authorizationEndpoint | True |
string |
OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2. |
properties.clientId | True |
string |
Client or app id registered with this authorization server. |
properties.clientRegistrationEndpoint | True |
string |
Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. |
properties.displayName | True |
string |
User-friendly authorization server name. |
properties.grantTypes | True |
Form of an authorization grant, which the client uses to request the access token. |
|
properties.authorizationMethods |
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. |
||
properties.bearerTokenSendingMethods |
Specifies the mechanism by which access token is passed to the API. |
||
properties.clientAuthenticationMethod |
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. |
||
properties.clientSecret |
string |
Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. |
|
properties.defaultScope |
string |
Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. |
|
properties.description |
string |
Description of the authorization server. Can contain HTML formatting tags. |
|
properties.resourceOwnerPassword |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. |
|
properties.resourceOwnerUsername |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. |
|
properties.supportState |
boolean |
If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. |
|
properties.tokenBodyParameters |
Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. |
||
properties.tokenEndpoint |
string |
OAuth token endpoint. Contains absolute URI to entity being referenced. |
|
properties.useInApiDocumentation |
boolean |
If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided. |
|
properties.useInTestConsole |
boolean |
If true, the authorization server may be used in the developer portal test console. True by default if no value is provided. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Authorization server is already registered. Headers ETag: string |
|
201 Created |
Authorization server was successfully registered. Headers ETag: string |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
ApiManagementCreateAuthorizationServer
Sample request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer?api-version=2024-05-01
{
"properties": {
"displayName": "test2",
"useInTestConsole": false,
"useInApiDocumentation": true,
"description": "test server",
"clientRegistrationEndpoint": "https://www.contoso.com/apps",
"authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
"authorizationMethods": [
"GET"
],
"tokenEndpoint": "https://www.contoso.com/oauth2/token",
"supportState": true,
"defaultScope": "read write",
"grantTypes": [
"authorizationCode",
"implicit"
],
"bearerTokenSendingMethods": [
"authorizationHeader"
],
"clientId": "1",
"clientSecret": "2",
"resourceOwnerUsername": "un",
"resourceOwnerPassword": "pwd"
}
}
Sample response
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
"type": "Microsoft.ApiManagement/service/authorizationServers",
"name": "newauthServer",
"properties": {
"displayName": "test2",
"useInTestConsole": false,
"useInApiDocumentation": true,
"description": "test server",
"clientRegistrationEndpoint": "https://www.contoso.com/apps",
"authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
"authorizationMethods": [
"GET"
],
"tokenEndpoint": "https://www.contoso.com/oauth2/token",
"supportState": true,
"defaultScope": "read write",
"grantTypes": [
"authorizationCode",
"implicit"
],
"bearerTokenSendingMethods": [
"authorizationHeader"
],
"clientId": "1",
"resourceOwnerUsername": "un",
"resourceOwnerPassword": "pwd"
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
"type": "Microsoft.ApiManagement/service/authorizationServers",
"name": "newauthServer",
"properties": {
"displayName": "test2",
"useInTestConsole": false,
"useInApiDocumentation": true,
"description": "test server",
"clientRegistrationEndpoint": "https://www.contoso.com/apps",
"authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
"authorizationMethods": [
"GET"
],
"tokenEndpoint": "https://www.contoso.com/oauth2/token",
"supportState": true,
"defaultScope": "read write",
"grantTypes": [
"authorizationCode",
"implicit"
],
"bearerTokenSendingMethods": [
"authorizationHeader"
],
"clientId": "1",
"resourceOwnerUsername": "un",
"resourceOwnerPassword": "pwd"
}
}
Definitions
Name | Description |
---|---|
Authorization |
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. |
Authorization |
External OAuth authorization server settings. |
Bearer |
Specifies the mechanism by which access token is passed to the API. |
Client |
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. |
Error |
The resource management error additional info. |
Error |
The error detail. |
Error |
Error response |
Grant |
Form of an authorization grant, which the client uses to request the access token. |
Token |
OAuth acquire token request body parameter (www-url-form-encoded). |
AuthorizationMethod
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
Name | Type | Description |
---|---|---|
DELETE |
string |
|
GET |
string |
|
HEAD |
string |
|
OPTIONS |
string |
|
PATCH |
string |
|
POST |
string |
|
PUT |
string |
|
TRACE |
string |
AuthorizationServerContract
External OAuth authorization server settings.
Name | Type | Description |
---|---|---|
id |
string |
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
name |
string |
The name of the resource |
properties.authorizationEndpoint |
string |
OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2. |
properties.authorizationMethods |
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. |
|
properties.bearerTokenSendingMethods |
Specifies the mechanism by which access token is passed to the API. |
|
properties.clientAuthenticationMethod |
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. |
|
properties.clientId |
string |
Client or app id registered with this authorization server. |
properties.clientRegistrationEndpoint |
string |
Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. |
properties.clientSecret |
string |
Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. |
properties.defaultScope |
string |
Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. |
properties.description |
string |
Description of the authorization server. Can contain HTML formatting tags. |
properties.displayName |
string |
User-friendly authorization server name. |
properties.grantTypes |
Form of an authorization grant, which the client uses to request the access token. |
|
properties.resourceOwnerPassword |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. |
properties.resourceOwnerUsername |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. |
properties.supportState |
boolean |
If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. |
properties.tokenBodyParameters |
Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. |
|
properties.tokenEndpoint |
string |
OAuth token endpoint. Contains absolute URI to entity being referenced. |
properties.useInApiDocumentation |
boolean |
If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided. |
properties.useInTestConsole |
boolean |
If true, the authorization server may be used in the developer portal test console. True by default if no value is provided. |
type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
BearerTokenSendingMethod
Specifies the mechanism by which access token is passed to the API.
Name | Type | Description |
---|---|---|
authorizationHeader |
string |
|
query |
string |
ClientAuthenticationMethod
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
Name | Type | Description |
---|---|---|
Basic |
string |
Basic Client Authentication method. |
Body |
string |
Body based Authentication method. |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info |
object |
The additional info. |
type |
string |
The additional info type. |
ErrorDetail
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo |
The error additional info. |
|
code |
string |
The error code. |
details |
The error details. |
|
message |
string |
The error message. |
target |
string |
The error target. |
ErrorResponse
Error response
Name | Type | Description |
---|---|---|
error |
The error object. |
GrantType
Form of an authorization grant, which the client uses to request the access token.
Name | Type | Description |
---|---|---|
authorizationCode |
string |
Authorization Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.1. |
clientCredentials |
string |
Client Credentials Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.4. |
implicit |
string |
Implicit Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.2. |
resourceOwnerPassword |
string |
Resource Owner Password Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.3. |
TokenBodyParameterContract
OAuth acquire token request body parameter (www-url-form-encoded).
Name | Type | Description |
---|---|---|
name |
string |
body parameter name. |
value |
string |
body parameter value. |