Decoding the Token

The course is part of this learning path

AZ-203 Exam Preparation: Developing Solutions for Microsoft Azure
Overview

Difficulty: Advanced
Duration: 54m
Students: 186
Rating: 5/5

Description

This course deals with how to deploy, configure, and manage some key aspects of Azure API Management (APIM). In particular, we focus on the authentication mechanism and go into depth about how to set up OAuth 2.0, including creating the required Azure AD application registrations. To help with understanding and troubleshooting the OAuth flow, we use Postman to check and validate our configuration. Next, we take a look at how we can alter API requests at various scopes using API policies. Finally, we look at how to view effective API policies that span multiple scopes and how to trace API policies at runtime.

Learning Objectives

  • Deploy Azure API Management and import an existing API
  • Gain an understanding of how to configure authentication against APIM using OAuth 2.0
  • Implement API policies against the imported API to alter the API request
  • Use Postman to make API requests against APIM and request and use OAuth authorization tokens
  • Secure the imported API by requiring a valid Azure AD token

Intended Audience

  • People who want to become Azure developers and who design and build cloud solutions
  • People preparing for Microsoft’s AZ-203 exam

Prerequisites

  • General knowledge of Azure

Transcript

Tokens are encoded data, and if we decode that data, we can see that a token is made up of a header, a payload, and a signature. Decoding the token we retrieved from Postman can help us validate that we have set up the AAD applications, OAuth, and Postman correctly.

We can use jwt.io to decode the token and take a look at the payload. If you'd like to do this yourself, copy the token out of Postman, go to jwt.io, and paste it into the Encoded field to view the payload. In this case, we can see in the image that aud is the audience for this token, which is the back-end application. We can also see that appid, the application requesting the token, is the ID of the front-end application. Using this tool, we have validated that our application and OAuth flow are configured correctly. Next, let's configure this in our APIM service.
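The same check can be done locally, so the token never leaves your machine. The following is an added example, not part of the course material: it splits the token into header, payload, and signature, decodes the first two, and compares aud and appid with the application IDs you expect. Decoding alone does not verify the signature. The GUIDs and the sample token are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with the padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jwt(token: str) -> dict:
    """Decode header and payload of a compact JWT. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three segments: header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise ValueError(f"malformed token segment: {exc}") from exc
    return {"header": header, "payload": payload}

def check_claims(payload: dict, expected_aud: str, expected_appid: str) -> list:
    """Return a list of mismatches against the intended app registrations."""
    problems = []
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if expected_aud not in audiences:
        problems.append(f"aud is {aud!r}, expected back-end app {expected_aud!r}")
    if payload.get("appid") != expected_appid:
        problems.append(f"appid is {payload.get('appid')!r}, "
                        f"expected front-end app {expected_appid!r}")
    return problems

def _b64url(obj: dict) -> str:
    # Helper used only to build the constructed sample token below.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed placeholders; substitute the IDs of your own app registrations.
BACKEND_APP_ID = "11111111-1111-1111-1111-111111111111"
FRONTEND_APP_ID = "22222222-2222-2222-2222-222222222222"
SAMPLE_TOKEN = ".".join([
    _b64url({"typ": "JWT", "alg": "RS256"}),
    _b64url({"aud": BACKEND_APP_ID, "appid": FRONTEND_APP_ID}),
    "c2lnbmF0dXJl",  # constructed filler, not a real signature
])

if __name__ == "__main__":
    decoded = decode_jwt(SAMPLE_TOKEN)  # replace with the token copied from Postman
    print(json.dumps(decoded, indent=2))
    print(check_claims(decoded["payload"], BACKEND_APP_ID, FRONTEND_APP_ID) or "claims match")
```

An empty list from `check_claims` means the token was issued to the front-end application for the back-end application, which is the same conclusion the transcript draws from the jwt.io view.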

About the Author

Students: 1590
Courses: 2

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.