When you use OAuth 2.0 authentication, you get access to a web service from a client application. The way you do this depends on the grant you use. In this tutorial, we will show how to configure the client credentials grant type for applications in Azure Active Directory. In the Client Credentials Grant type, the client application gets access to the web service by using its own credentials.
1. Register applications in Azure Active Directory
To be able to perform OAuth 2.0 authentication by using the client credentials grant type, you need to register both the web service and the client applications in Azure Active Directory. To learn how to do this, see the Microsoft documentation.
2. Configure a client application
A client application is an application that requests a protected resource. After you register it in Azure Active Directory, you need to perform the following steps to apply the client credentials grant type:
-
Open the Azure Active Directory service. In App registrations, open the registration of your client application.
-
Copy the Application (client) ID to some place. You will need it to link the client to the web service and to configure the request authentication:
-
In the Client Credentials Grant type, you will need a client secret. To get it, open the Certificates & secrets page and click New client secret:
Add a short description and click Add.
-
Copy the generated value to some place:
You will not be able to get the client secret after you leave the Certificates & secrets page.
3. Configure a web service application
To configure a web service application, you need to authorize your client application. To do this, perform the following steps:
-
Open the Azure Active Directory service. In App registrations, open the registration of your web service application.
-
Open the Expose an API page.
-
Set the Application ID URI:
-
When you authorize a client, you specify the scope to restrict client access. To define the scope, click Add a scope and configure it as you need:
-
To authorize the client application, click Add a client application and specify the Application ID you got earlier:
4. Configure a request authentication
Now, you can configure authentication to a protected resource.
-
In ReadyAPI, open a REST request.
-
In the Auth panel, click Add Authorization to add a new authentication profile:
-
Select the OAuth 2.0 (Azure) authentication type.
-
ReadyAPI creates a profile and applies it to the request. Click Get Access Token to configure authentication and get an access token:
-
Select Client Credentials Grant and fill in the required fields. To get the needed values, use data you got from Azure Active Directory earlier:
Client identification The application ID of your client application. See the Overview page of your application in the Azure Active Directory. Client Secret The client secret you created earlier. If you do not have it yet, create it on the Certificates & Secrets page of your application in the Azure Active Directory. Resource The Application ID URI of the protected web service. To get it, see the Overview page of your API application in the Azure Active Directory. Access Token URL The URL to which ReadyAPI requests an access token. This URL looks as follows: https://login.microsoftonline.com/<your tenant id>/oauth2/tokenTo get it, open your Azure Active Directory and click Endpoint.
Note: We omit some optional properties in this tutorial. To learn about them, see Client Credentials Grant. -
Click Get Access Token to retrieve the token:
Now, when you send the request, ReadyAPI sends the access token to authenticate it.
See Also
Enabling OAuth 2.0 Authentication
OAuth 2.0 Basics
OAuth 2.0 Grant Types
OpenID Connect