Cloud & Engineering

We regularly write about our technical experiences (good and bad) and what we're learning from the market.

Assessing Azure API Management Authorisation Approaches

Posted by Paco de la Cruz on 24 April 2023

Azure, Azure API Management, api, security, OAuth 2.0

Introduction

As part of consulting engagements, it is common that customers ask for guidance on the different authentication and authorisation approaches available on API Management and how these approaches meet their security needs while offering support to existing legacy API clients. While many people now know...


Validating RSA JWT Tokens with Azure API Management

Posted by Sujay Athavale on 31 July 2020

Azure, Azure API Management, security, OAuth 2.0, api policy, RSA, RS256, JWT

TL;DR

In this post, I highlight the recently enhanced capabilities of the Validate JWT policy in Azure API Management and the specific gap they address for customers. I also provide related recommendations, tips and policy samples, which are not yet available in Microsoft documentation.

Validate JWT policy

The ...


OAuth for your Business Group in Anypoint Platform

Posted by John Kim on 03 September 2019

APIs, mule, anypoint, OAuth 2.0, api policy, okta, cloudhub, openid, business groups

OAuth 2.0 is a common way to secure your APIs. In Anypoint Platform, you can configure OpenID Connect (OIDC) client management in the External Identity section to use an external identity provider for authentication. (MuleSoft has an article that explains this in detail.)

However, it is only possible to set this at...


OAuth 2.0 Authorisation with the Client Credentials Flow on Azure API Management

Posted by Paco de la Cruz on 12 July 2019

Azure API Management, Microsoft Azure, OAuth 2.0

A well-adopted way of protecting APIs is by using the OAuth 2.0 authorisation standard. OAuth 2.0 offers different grant types, also known as flows, to cover multiple authorisation scenarios. As an end-user, you most probably have used, in one way or another, the authorisation code flow, in which you, as a resource...
