
I created an API in Azure and recently tried to change the authentication method to access it via OAuth2.

I requested a token using https://login.microsoftonline.com/[TENANT]/oauth2/v2.0/token/ and tried to use it to access my api via postman.


Then I tried to use the received token to make a request to my API: I used Postman's Authorization pane to specify OAuth 2.0 as the authentication method, set the Grant Type configuration to "implicit" and sent a request.


Configured like this, the request goes through using the "http" version of my API, but as soon as I try to use the "https" version, I get a 401 "Unauthorized" error.

Have I configured my API wrong? Or am I using the wrong URL to authenticate?

Thanks a lot for your time.

Hallemon

    You can refer to [Protect API's using OAuth 2.0 in APIM](https://techcommunity.microsoft.com/t5/azure-paas-blog/protect-api-s-using-oauth-2-0-in-apim/ba-p/2309538) and [Microsoft Azure Cloud service management API fails with 401: Unauthorized error?](https://stackoverflow.com/a/67067548) – Ecstasy Dec 14 '21 at 11:07

    Have you checked the links mentioned in the above comment? Did you get the solution or workaround? – Ecstasy Dec 15 '21 at 04:14

    After many hours of debugging, I managed to make it work by 1. adding the application ID in the Allowed token audiences of my identity provider and 2. removing all the authentication code from the API (there was still some SharePoint identification code in the startup.cs part of my API which was problematic). – Hallemon Dec 16 '21 at 08:14

    Glad that your issue got fixed. You can post this as an answer and accept it so that it will be beneficial to other community members who might face a similar issue. – Ecstasy Dec 16 '21 at 08:33

1 Answer


After a lot of research I found out what was wrong:

  1. I had to add the application ID in the allowed token audiences of the identity provider (in the Azure App Service, navigate to Authentication > locate the identity provider > click on Edit > at the bottom of the page add your app registration's application ID). For good measure I also added api://[APPLICATION ID]/.default and api://[APPLICATION ID].

  2. There was still some authentication code left in the source code of my API. When I was trying to connect I sometimes had a response which consisted of HTML titled "Sign in to your account". It was caused by a segment of code in the startup.cs file of my API which verified the user who made the request against my Azure AD. After removing it I no longer had the error.

Dharman
Hallemon
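The first fix in the answer works because App Service authentication compares the token's `aud` claim against the "Allowed token audiences" list and returns 401 when nothing matches; the `aud` an Azure AD token carries is the bare application ID (GUID) for v2.0 tokens and may be the App ID URI (`api://…`) for v1.0 tokens, which is why the answer adds both forms. The following is an added diagnostic, not code from the original post or from Azure: it decodes a token's payload without verifying the signature (so it must never be used to authorise anything) and reports whether the audience and expiry would pass that check. The application ID and the sample tokens are constructed for the example.

```python
import base64
import json
import time
from typing import Optional, Tuple

# Hypothetical application (client) ID of the API's app registration; not from the original post.
APP_ID = "11111111-2222-3333-4444-555555555555"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, as used in compact JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a JWT WITHOUT verifying its signature.

    Diagnostic use only: it tells you what the token says about itself,
    not whether it is genuine. Never authorise a request on this result.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def allowed_audiences(app_id: str) -> set:
    """The three audience forms the answer adds to 'Allowed token audiences'."""
    return {app_id, f"api://{app_id}", f"api://{app_id}/.default"}


def check_token(token: str, app_id: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Explain why App Service authentication would reject (401) or accept this token.

    Mirrors the two checks that most often produce the 401 in the question:
    the audience must be in the allowed list, and the token must not be expired.
    """
    now = time.time() if now is None else now
    claims = decode_jwt_payload(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # 'aud' may be a string or a list
    if not any(a in allowed_audiences(app_id) for a in audiences):
        return False, f"aud {audiences} is not in the allowed token audiences"
    exp = claims.get("exp")
    if exp is not None and exp <= now:
        return False, "token has expired"
    return True, "audience and expiry look right for this API"


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned token (alg=none, empty signature) for offline testing.

    This is NOT a real Azure AD token; it only lets the checker run without a tenant.
    """
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


if __name__ == "__main__":
    far_future = 4102444800  # 2100-01-01, so the constructed tokens do not expire
    samples = {
        "v2-style aud (bare app ID)": {"aud": APP_ID, "exp": far_future},
        "v1-style aud (App ID URI)": {"aud": f"api://{APP_ID}", "exp": far_future},
        "token minted for another API": {"aud": "https://graph.microsoft.com", "exp": far_future},
    }
    for label, claims in samples.items():
        ok, reason = check_token(make_unsigned_token(claims), APP_ID)
        print(f"{label}: {'accept' if ok else '401'} ({reason})")
```

Run it against a real token by pasting the `access_token` value from the `/oauth2/v2.0/token` response into `check_token`; if the `aud` it prints is not one of the forms in `allowed_audiences`, either the allowed list in App Service authentication or the `scope` you requested is wrong, which is exactly the mismatch the answer's first step resolves.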