Authorization
External OAuth authorization server settings. Uses Azure REST API version 2022-09-01-preview. In version 2.x of the Azure Native provider, it used API version 2022-08-01. Other available API versions: 2021-04-01-preview, 2021-08-01, 2021-12-01-preview, 2022-04-01-preview, 2022-08-01, 2023-03-01-preview, 2023-05-01-preview, 2023-09-01-preview, 2024-05-01, 2024-06-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native apimanagement [ApiVersion]. See the ../../../version-guide/#accessing-any-api-version-via-local-packages for details.
Example Usage
ApiManagementCreateAuthorizationServer
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var authorizationServer = new AzureNative.ApiManagement.AuthorizationServer("authorizationServer", new()
{
AuthorizationEndpoint = "https://www.contoso.com/oauth2/auth",
AuthorizationMethods = new[]
{
AzureNative.ApiManagement.AuthorizationMethod.GET,
},
Authsid = "newauthServer",
BearerTokenSendingMethods = new[]
{
AzureNative.ApiManagement.BearerTokenSendingMethod.AuthorizationHeader,
},
ClientId = "1",
ClientRegistrationEndpoint = "https://www.contoso.com/apps",
ClientSecret = "2",
DefaultScope = "read write",
Description = "test server",
DisplayName = "test2",
GrantTypes = new[]
{
AzureNative.ApiManagement.GrantType.AuthorizationCode,
AzureNative.ApiManagement.GrantType.@Implicit,
},
ResourceGroupName = "rg1",
ResourceOwnerPassword = "pwd",
ResourceOwnerUsername = "un",
ServiceName = "apimService1",
SupportState = true,
TokenEndpoint = "https://www.contoso.com/oauth2/token",
UseInApiDocumentation = true,
UseInTestConsole = false,
});
});package main
import (
apimanagement "github.com/pulumi/pulumi-azure-native-sdk/apimanagement/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := apimanagement.NewAuthorizationServer(ctx, "authorizationServer", &apimanagement.AuthorizationServerArgs{
AuthorizationEndpoint: pulumi.String("https://www.contoso.com/oauth2/auth"),
AuthorizationMethods: apimanagement.AuthorizationMethodArray{
apimanagement.AuthorizationMethodGET,
},
Authsid: pulumi.String("newauthServer"),
BearerTokenSendingMethods: pulumi.StringArray{
pulumi.String(apimanagement.BearerTokenSendingMethodAuthorizationHeader),
},
ClientId: pulumi.String("1"),
ClientRegistrationEndpoint: pulumi.String("https://www.contoso.com/apps"),
ClientSecret: pulumi.String("2"),
DefaultScope: pulumi.String("read write"),
Description: pulumi.String("test server"),
DisplayName: pulumi.String("test2"),
GrantTypes: pulumi.StringArray{
pulumi.String(apimanagement.GrantTypeAuthorizationCode),
pulumi.String(apimanagement.GrantTypeImplicit),
},
ResourceGroupName: pulumi.String("rg1"),
ResourceOwnerPassword: pulumi.String("pwd"),
ResourceOwnerUsername: pulumi.String("un"),
ServiceName: pulumi.String("apimService1"),
SupportState: pulumi.Bool(true),
TokenEndpoint: pulumi.String("https://www.contoso.com/oauth2/token"),
UseInApiDocumentation: pulumi.Bool(true),
UseInTestConsole: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.apimanagement.AuthorizationServer;
import com.pulumi.azurenative.apimanagement.AuthorizationServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var authorizationServer = new AuthorizationServer("authorizationServer", AuthorizationServerArgs.builder()
.authorizationEndpoint("https://www.contoso.com/oauth2/auth")
.authorizationMethods("GET")
.authsid("newauthServer")
.bearerTokenSendingMethods("authorizationHeader")
.clientId("1")
.clientRegistrationEndpoint("https://www.contoso.com/apps")
.clientSecret("2")
.defaultScope("read write")
.description("test server")
.displayName("test2")
.grantTypes(
"authorizationCode",
"implicit")
.resourceGroupName("rg1")
.resourceOwnerPassword("pwd")
.resourceOwnerUsername("un")
.serviceName("apimService1")
.supportState(true)
.tokenEndpoint("https://www.contoso.com/oauth2/token")
.useInApiDocumentation(true)
.useInTestConsole(false)
.build());
}
}Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:apimanagement:AuthorizationServer newauthServer /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/authorizationServers/{authsid}Constructors
Properties
OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
Specifies the mechanism by which access token is passed to the API.
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.
Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.
Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.
Description of the authorization server. Can contain HTML formatting tags.
User-friendly authorization server name.
Form of an authorization grant, which the client uses to request the access token.
The name of the resource group. The name is case insensitive.
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.
The name of the API Management service.
If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.
Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.
OAuth token endpoint. Contains absolute URI to entity being referenced.
If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided.
If true, the authorization server may be used in the developer portal test console. True by default if no value is provided.