Front and Back Channels

Contents

Introduction
1
Introduction
PREVIEW1m 37s
2
Getting Started
PREVIEW1m 19s
3
Overview
2m 25s
4
Scenario Outline
1m 31s
Configuring the Service
5
Configuring the Service
10m 30s
API Policies
14
API Policies
2m 15s
15
Adding API Policies
12m 5s
Summary
16
Summary
45s

The course is part of these learning paths

Designing Azure Compute Solutions - Level 3
5
4
AZ-305 Exam Preparation: Designing Microsoft Azure Infrastructure Solutions
31
5
14
1
AZ-204 Exam Preparation: Developing Solutions for Microsoft Azure
22
3
10
1
AZ-500 Exam Preparation: Microsoft Azure Security Technologies
27
1
10
1
more_horizSee 1 more
Start course
Overview
Difficulty
Advanced
Duration
54m
Students
3320
Ratings
4.4/5
starstarstarstarstar-half
Description

This course deals with how to deploy, configure, and manage some keys aspects of Azure API management (APIM). In particular, we focus on the authentication mechanism and go into depth about how to set up OAuth 2.0, including creating the Azure AD required application registrations. To help with understanding and troubleshooting the OAuth flow, we utilize Postman to check and validate our configuration.

Next, we take a look at how we can alter API requests at various scopes using API policies. Finally, we look at how to view effective API policies that span multiple scopes and also how to trace API policies during runtime.

Learning Objectives

  • Deploy Azure API Management and import an existing API
  • Gain an understanding of how the configure authentication against APIM using OAuth 2.0
  • Implement API policies against the imported API to alter the API request
  • Use Postman to make API requests against APIM and request and use OAuth authorization tokens
  • Secure the imported API by requiring a valid Azure AD token

Intended Audience

Prerequisites

Transcript

You might be wondering the reason we create two applications. Let's look at the OAuth diagram again. When talking about OAuth, there is the concept of front channel and back channel. The front channel could be a browser on a user's computer. A browser is very good at interacting with users. For example, presenting the user with a login screen and asking for user approvals. However, we don't control the browser, and we can't trust it with sensitive information. The back channel is considered servers or code we control or, more importantly, we can trust with sensitive information. 

This is why we get an access token in two phases. First, we get an authorization token through the browser or front channel. We can then exchange this authorization token over the back channel using the client ID and secret we have already configured. OAuth utilizes the best things about the front channel and the best things about the back channel in order to obtain the access token or bearer token securely.

About the Author
Avatar
Matthew Quickenden
Instructor
Students
4601
Courses
3

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.

Covered Topics

WebDevelopmentComputeMicrosoft AzureDevelopment for AzureCompute for AzureAzure API Management