Problem description
I have a backend API I want to proxy by using Azure API Management. This backend API requires me to provide a Bearer OAuth2 token. I want to use Azure APIM to handle the OAuth2 flows for me, and I want to expose a very simple API that will be consumed by client apps. I want to avoid having my client apps use OAuth2. How can I handle it with APIM? I found a lot of samples demonstrating how to protect a backend API with OAuth2, but that is not the use case I'm trying to implement. Thanks.
Recommended answer
Here is a policy snippet to make this work:
    <!-- {{authorizationServer}}, {{clientId}}, {{scope}} and {{clientSecret}} are APIM named values;
         keep clientSecret as a secret named value rather than inline text. -->
    <!-- Request a token with the client_credentials grant. With ignore-error="true",
         a failed request leaves the bearerToken variable null. -->
    <send-request ignore-error="true" timeout="20" response-variable-name="bearerToken" mode="new">
        <set-url>{{authorizationServer}}</set-url>
        <set-method>POST</set-method>
        <set-header name="Content-Type" exists-action="override">
            <value>application/x-www-form-urlencoded</value>
        </set-header>
        <set-body>@{
            return "client_id={{clientId}}&resource={{scope}}&client_secret={{clientSecret}}&grant_type=client_credentials";
        }</set-body>
    </send-request>
    <!-- Forward the access token to the backend as a Bearer credential -->
    <set-header name="Authorization" exists-action="override">
        <value>@("Bearer " + (String)((IResponse)context.Variables["bearerToken"]).Body.As<JObject>()["access_token"])</value>
    </set-header>
    <!-- We do not want to expose our APIM subscription key to the backend API -->
    <set-header exists-action="delete" name="Ocp-Apim-Subscription-Key"/>
And on the APIM policy snippets branch from the APIM team: https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Get%20OAuth2%20access%20token%20from%20AAD%20and%20forward%20it%20to%20the%20backend.policy.xml