Enabling OAuth 2.0 Authentication with Azure Active Directory

Applies to ReadyAPI 3.9, last modified on July 29, 2021

When you use OAuth 2.0 authentication, you get access to a web service from a client application. The way you do this depends on the grant you use. In this tutorial, we will show how to configure the client credentials grant type for applications in Azure Active Directory. In the Client Credentials Grant type, the client application gets access to the web service by using its own credentials.

1. Register applications in Azure Active Directory

To be able to perform OAuth 2.0 authentication by using the client credentials grant type, you need to register both the web service and the client applications in Azure Active Directory. To learn how to do this, see the Microsoft documentation.

2. Configure a client application

A client application is an application that requests a protected resource. After you register it in Azure Active Directory, you need to perform the following steps to apply the client credentials grant type:

  1. Open the Azure Active Directory service. In App registrations, open the registration of your client application.

  2. Copy the Application (client) ID to some place. You will need it to link the client to the web service and to configure the request authentication:

    Azure OAuth 2.0 authentication tutorial: Application ID

    Click the image to enlarge it.

  3. In the Client Credentials Grant type, you will need a client secret. To get it, open the Certificates & secrets page and click New client secret:

    Azure OAuth 2.0 authentication tutorial: Getting a client secret

    Click the image to enlarge it.

    Add a short description and click Add.

  4. Copy the generated value to some place:

    Azure OAuth 2.0 authentication tutorial: Client secret

    Click the image to enlarge it.

    You will not be able to get the client secret after you leave the Certificates & secrets page.

3. Configure a web service application

To configure a web service application, you need to authorize your client application. To do this, perform the following steps:

  1. Open the Azure Active Directory service. In App registrations, open the registration of your web service application.

  2. Open the Expose an API page.

  3. Set the Application ID URI:

    Azure OAuth 2.0 authentication tutorial: Setting application ID URI

    Click the image to enlarge it.

  4. When you authorize a client, you specify the scope to restrict client access. To define the scope, click Add a scope and configure it as you need:

    Azure OAuth 2.0 authentication tutorial: Adding a scope

    Click the image to enlarge it.

  5. To authorize the client application, click Add a client application and specify the Application ID you got earlier:

    Azure OAuth 2.0 authentication tutorial: Authorising application

    Click the image to enlarge it.

4. Configure a request authentication

Now, you can configure authentication to a protected resource.

  1. In ReadyAPI, open a REST request.

  2. In the Auth panel, click Add Authorization to add a new authentication profile:

    Azure OAuth 2.0 authentication tutorial: Adding a request authentication

    Click the image to enlarge it.

  3. Select the OAuth 2.0 (Azure) authentication type.

  4. ReadyAPI creates a profile and applies it to the request. Click Get Access Token to configure authentication and get an access token:

    Azure OAuth 2.0 authentication tutorial: Created authorization profile

    Click the image to enlarge it.

  5. Select Client Credentials Grant and fill in the required fields. To get the needed values, use data you got from Azure Active Directory earlier:

    Client identification The application ID of your client application. See the Overview page of your application in the Azure Active Directory.
    Client Secret The client secret you created earlier. If you do not have it yet, create it on the Certificates & Secrets page of your application in the Azure Active Directory.
    Resource The Application ID URI of the protected web service. To get it, see the Overview page of your API application in the Azure Active Directory.
    Access Token URL The URL to which ReadyAPI requests an access token. This URL looks as follows:
    https://login.microsoftonline.com/<your tenant id>/oauth2/token

    To get it, open your Azure Active Directory and click Endpoint.

    Show image

    Note: We omit some optional properties in this tutorial. To learn about them, see Client Credentials Grant.
  6. Click Get Access Token to retrieve the token:

    Azure OAuth 2.0 authentication tutorial: Getting Access Token

    Click the image to enlarge it.

Now, when you send the request, ReadyAPI sends the access token to authenticate it.

See Also

Enabling OAuth 2.0 Authentication
About OAuth 2.0
OAuth 2.0 Grant Types
OpenID Connect Grant Types

Highlight search results