
API OAuth2 dynamic authorisation using JWT validation policy with Azure AD

Summary

Topic:

- The purpose of this document is to describe the steps required to apply the JWT Validation Policy in API Manager using Azure AD as an external identity provider, where clients can request access dynamically via Anypoint Exchange.

- This document explains OAuth 2.0 Dynamic Client Registration on Azure AD as an external identity provider.

Note: a previous article/asset on the MuleSoft knowledge hub, "API authorisation Using JWT Validation Policy with Azure AD (OAuth)", used manual steps to configure apps on Azure AD, since the OAuth 2.0 Dynamic Client Registration Protocol was not supported at the time that article/asset was published.

Details

1. Configure Azure AD

1.1 Select the sign-in options from portal.azure.com.
1.2 Select "Sign in to an organisation".
1.3 Enter the domain name.
1.4 Select Azure AD from the menu.
1.5 Copy the Azure Tenant ID.
1.6 From Azure AD, select Enterprise applications, then create a new application.
1.7 Select the "Integrate any other application you don't find in the gallery (Non-gallery)" option.
1.8 After the application has been created, copy the client ID.
1.9 Configure the application properties as shown in the screenshot.
1.10 Click on Certificates & secrets to create a client secret.
1.11 Enter a description and select an expiry period. Copy the secret value as soon as it is created; the portal shows it only once, and it will need to be rotated before the expiry period you selected.

2. Configure the Anypoint client provider

2.1 From Anypoint Access Management, configure Azure AD as an external identity provider (client provider), using the tenant ID, client ID and client secret collected in step 1.
3. Configure the JWT policy

3.1 Design Center

3.1.1 Create a new API specification.
3.1.2 Configure the API RAML in API Designer (RAML sample code attached).
3.1.3 Publish to Exchange.

3.2 Anypoint Exchange

3.2.1 Select the asset from Exchange.
3.2.2 Select Request access.
3.2.3 Create a new application.
3.2.4 Select the authorisation code grant option.
3.2.5 Request access.
3.2.6 Copy the client ID and client secret.
3.2.7 From Azure AD, select App registrations, then select "View all applications in the directory".
3.2.8 Check that the application was created automatically on Azure AD after the access request was approved in Anypoint Exchange (this is the Dynamic Client Registration step; no manual app creation is needed).
3.2.9 Create the Application ID URI.
3.2.10 Click on Set to create the Application ID URI.
3.2.11 Click on Save.

3.3 API Manager

3.3.1 Add a new API in API Manager (the instance the policy will be applied to).
3.3.2 Select the target API to apply the policy to.
3.3.3 Select the client provider configured in step 2.
3.3.4 Review, then save.
3.3.5 Copy the API ID; it is used for autodiscovery in the Anypoint Studio application.
3.3.6 Add a policy.
3.3.7 Select the JWT Validation Policy.
3.3.8 Configure the policy as shown in the screenshot and enter the Azure tenant ID.
3.3.9 Click on "Add mandatory custom claim validation" and configure the other properties as shown in the screenshot.
3.3.10 From Azure AD -> App registrations, copy the application ID.
3.3.11 Enter key = tid, value = Azure tenant ID.

Note: the mandatory tid claim check ensures that only tokens issued by this tenant are accepted, and the audience check ensures that a token issued for a different API is rejected even though its signature is valid (the case tested in step 5.4). Without both checks, any token the identity provider signed would pass the policy.
4. Anypoint Studio

4.1 Create a new project from the Exchange RAML.
4.2 Generate the flows.
4.3 Configure autodiscovery (with the API ID copied in step 3.3.5) to activate the API policy.
4.4 Right-click to export the project.
4.5 Select deployable archive.
4.6 Select the "include modules and dependencies" option.
4.7 Deploy manually on Runtime Manager.
5. Test using Postman

5.1 Get an access token.
5.2 Call succeeds.
5.3 Call fails: invalid token.
5.4 Call fails: different API with a valid token.
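The following is an added example, not code from the original article or from MuleSoft: it reproduces the checks the JWT Validation Policy configured in section 3.3 performs (signature, expiry, issuer, audience and the mandatory tid claim) and runs them against the four Postman cases of section 5. Azure AD signs tokens with RS256 and the policy verifies them against the tenant's JWKS; to keep the example runnable offline, the sample tokens are signed with HS256 using a constructed shared secret, so the signature step stands in for the RS256/JWKS verification. The tenant ID, Application ID URIs and secret are constructed placeholders, not real identifiers.

```python
"""Added example (not from the original article): the claim checks of a JWT
validation policy for Azure AD tokens, exercised on the section 5 test cases.
HS256 with a constructed secret stands in for Azure AD's RS256/JWKS signing."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

TENANT_ID = "00000000-0000-0000-0000-000000000001"          # constructed placeholder
APP_ID_URI = "api://11111111-1111-1111-1111-111111111111"   # constructed placeholder
OTHER_API = "api://22222222-2222-2222-2222-222222222222"    # constructed placeholder
SECRET = b"constructed-shared-secret-for-offline-demo"      # stand-in for the JWKS key
# Issuer of the Azure AD v2.0 endpoint for a given tenant.
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


class TokenRejected(Exception):
    """Raised with the reason the policy would answer 401 for this token."""


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact HS256 JWT (stand-in for the token Azure AD issues)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate(token: str, *, audience: str = APP_ID_URI, tenant_id: str = TENANT_ID,
             secret: bytes = SECRET, now: Optional[float] = None) -> dict:
    """Apply the policy's checks in order; return the claims only if all pass.

    The signature is verified before any claim is trusted, and `alg` is pinned
    so a token claiming "none" or a different algorithm is refused outright."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            raise TokenRejected("unexpected alg")
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise TokenRejected("signature mismatch")
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenRejected("undecodable token") from exc
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise TokenRejected("token expired or missing exp")
    if claims.get("nbf", 0) > now:
        raise TokenRejected("token not yet valid")
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        raise TokenRejected("issuer is not this tenant")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("token was issued for a different API")
    # Mandatory custom claim from step 3.3.11: tid must equal the Azure tenant ID.
    if claims.get("tid") != tenant_id:
        raise TokenRejected("tid claim does not match the tenant")
    return claims


def outcome(token: str, now: float) -> str:
    try:
        validate(token, now=now)
        return "accepted"
    except TokenRejected as exc:
        return f"rejected: {exc}"


def run_section5_checks(now: Optional[float] = None) -> dict:
    """Reproduce the Postman tests of section 5 and return each outcome."""
    now = time.time() if now is None else now
    base = {"iss": ISSUER, "aud": APP_ID_URI, "tid": TENANT_ID,
            "nbf": now - 5, "exp": now + 600, "scp": "access_as_user"}
    good = mint_token(base)
    results = {"5.2 valid token": outcome(good, now)}
    # 5.3: payload altered after signing, so the signature no longer matches.
    h, _, s = good.split(".")
    forged = ".".join([h, _b64url(json.dumps({**base, "tid": "other"}).encode()), s])
    results["5.3 invalid token"] = outcome(forged, now)
    # 5.4: a genuinely signed token, but issued for another API in the tenant.
    results["5.4 different API"] = outcome(mint_token({**base, "aud": OTHER_API}), now)
    results["expired token"] = outcome(mint_token({**base, "exp": now - 1}), now)
    return results


if __name__ == "__main__":
    for case, result in run_section5_checks().items():
        print(f"{case}: {result}")
```

The order of the checks is deliberate: nothing in the payload is read until the signature has been verified under a pinned algorithm, and the audience and tid checks are what separate "a token Azure AD signed" from "a token Azure AD signed for this API in this tenant". In the real policy the same checks run against RS256 tokens using the tenant's published JWKS.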
