Enabling OAuth 2.0 Authentication with Azure Active Directory

To be able to perform OAuth 2.0 authentication by using the client credentials grant type, you need to register both the web service and the client applications in Azure Active Directory. To learn how to do this, see the Microsoft documentation.

A client application is an application that requests a protected resource. After you register it in Azure Active Directory, you need to perform the following steps to apply the client credentials grant type:

1. Open the Azure Active Directory service. In App registrations, open the registration of your client application.

2. Copy the Application (client) ID to some place. You will need it to link the client to the web service and to configure the request authentication:

   

   Click the image to enlarge it.

3. In the Client Credentials Grant type, you will need a client secret. To get it, open the Certificates & secrets page and click New client secret:

   

   Click the image to enlarge it.

   Add a short description and click Add.

4. Copy the generated value to some place:

   

   Click the image to enlarge it.

   You will not be able to get the client secret after you leave the Certificates & secrets page.

To configure a web service application, you need to authorize your client application. To do this, perform the following steps:

1. Open the Azure Active Directory service. In App registrations, open the registration of your web service application.

2. Open the Expose an API page.

3. Set the Application ID URI:

   

   Click the image to enlarge it.

4. When you authorize a client, you specify the scope to restrict client access. To define the scope, click Add a scope and configure it as you need:

   

   Click the image to enlarge it.

5. To authorize the client application, click Add a client application and specify the Application ID you got earlier:

   

   Click the image to enlarge it.

Now, you can configure authentication to a protected resource.

1. In ReadyAPI, open a REST request.

2. In the Auth panel, click Add Authorization to add a new authentication profile:

   

   Click the image to enlarge it.

3. Select the OAuth 2.0 (Azure) authentication type.

4. ReadyAPI creates a profile and applies it to the request. Click Get Access Token to configure authentication and get an access token:

   

   Click the image to enlarge it.

5. Select Client Credentials Grant and fill in the required fields. To get the needed values, use data you got from Azure Active Directory earlier:

   Client identification	The application ID of your client application. See the Overview page of your application in the Azure Active Directory.
   Client Secret	The client secret you created earlier. If you do not have it yet, create it on the Certificates & Secrets page of your application in the Azure Active Directory.
   Resource	The Application ID URI of the protected web service. To get it, see the Overview page of your API application in the Azure Active Directory.
   Access Token URL	The URL to which ReadyAPI requests an access token. This URL looks as follows: https://login.microsoftonline.com/<your tenant id>/oauth2/token To get it, open your Azure Active Directory and click Endpoint. Show image Show imageHide image Click the image to enlarge it.

   Note:

   We omit some optional properties in this tutorial. To learn about them, see Client Credentials Grant.

6. Click Get Access Token to retrieve the token:

   

   Click the image to enlarge it.

Now, when you send the request, ReadyAPI sends the access token to authenticate it.