This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
We're excited to introduce the rebranding and feature enhancements of Azure API Management's Credential Manager, previously known as Authorizations. In addition, Credential Manager now includes capabilities for user-delegated permissions.
OAuth 2.0 - A Secure and Standardized Protocol for Authorization:
The Challenge We Address with Credential Manager:
After a Credential Connection has been created for a user for the first time, this step is no longer necessary: developers can reuse the existing Credential Connection when making API calls on behalf of that user:
Credential Manager - Step-By-Step explanation:
This central repository within API Management is dedicated to managing, storing, and controlling access to your API access tokens. It establishes secure connections between your services and third-party APIs, and those connections are then consumed at API runtime through the <get-authorization-context> policy. With Credential Manager, teams can offer a more seamless experience for handling API access tokens. Here is a short description of the steps involved:
- User Consent and Authentication:
  - Users log in to the client application.
  - As part of the initial steps, users provide consent to access (third-party) SaaS APIs.
- Credential Manager:
  - APIM acts as a centralized token manager.
  - Once users provide consent, APIM stores, manages and refreshes their access tokens securely.
- Incoming API Call:
  - When the client application initiates an API call to a third-party service, it sends the request to APIM.
- API Management Interception:
  - API Management, acting as a reverse proxy, intercepts the incoming call that is to be forwarded to the external service.
- Token Attachment:
  - API Management, holding the user's previously stored and consented access token/credentials, automatically attaches (via policy) the required token to the API call.
- Forwarding to External Service:
  - APIM forwards the request to the external service with the attached access token/credentials.
- API Response:
  - The external service processes the request and sends a response back to API Management.
- Response to Client:
  - APIM receives the response and relays it to the client application, which displays the information returned by the API for the user's access token.
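The Token Attachment and Forwarding steps above, expressed as an APIM inbound policy that uses `<get-authorization-context>`. This is an added example, not taken from the post; the provider id, connection id and backend URL are placeholders, and the policy assumes the client presents a Microsoft Entra JWT for the signed-in user (the `identity-type="jwt"` form used for user-delegated permissions).

```xml
<policies>
    <inbound>
        <base />
        <!-- Token Attachment: resolve the Credential Manager connection for the
             calling user. The user's Entra JWT from the Authorization header
             selects which user's stored third-party token is returned.
             Placeholder ids: replace with your provider and connection names. -->
        <get-authorization-context
            provider-id="CONTOSO-SAAS-PROVIDER"
            authorization-id="CONTOSO-SAAS-CONNECTION"
            context-variable-name="auth-context"
            identity-type="jwt"
            identity='@(context.Request.Headers.GetValueOrDefault("Authorization", "").Replace("Bearer ", ""))'
            ignore-error="true" />

        <!-- Fail closed: if no stored token could be resolved (no consent yet,
             or an invalid caller token), stop here instead of forwarding a
             request with no credentials or with the caller's own token. -->
        <choose>
            <when condition='@(((Authorization)context.Variables.GetValueOrDefault("auth-context"))?.AccessToken == null)'>
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-header name="Content-Type" exists-action="override">
                        <value>application/json</value>
                    </set-header>
                    <set-body>{"error":"no credential connection available for this user"}</set-body>
                </return-response>
            </when>
        </choose>

        <!-- Replace the caller's Entra token with the stored third-party token,
             so the SaaS API never sees the client's own credential. -->
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + ((Authorization)context.Variables.GetValueOrDefault("auth-context")).AccessToken)</value>
        </set-header>

        <!-- Forwarding to External Service: placeholder backend URL. -->
        <set-backend-service base-url="https://api.example-saas.invalid" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because the stored token is attached only after `<get-authorization-context>` succeeds, a 401 from this policy indicates a missing or unresolved Credential Connection rather than a failure at the third-party API.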