How to access Azure Proxy API using client credentials
I have a on-prem server which hosts a API, and I have exposed the API using the Azure AD Application Proxy using the steps mentioned here:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application
I am able to access the API via the proxy using OAuth 2.0 by getting authorization code from Azure AD, and then a token, specifying as resource the proxy URI.
Question is, how can I access the API without going through the OAuth 2.0 authorization flow?
I tried the client credential flow by creating another Web API App (App2) and given access to the proxy app. I am able to get the token using client credential flow using the steps below.
https://login.microsoftonline.com/{tenantid}/oauth2/token
?grant_type=client_credentials
&client_id={clientId}
&client_secret={secret}
&resource={proxyurl}
When I use this token to access the proxy API, it says
When I tried with token (by authorization flow) I am able to access the proxy API, but when I tried to access the proxy API using the token given to the App2, I think it should allow to access the API.
Current result is:
InternalServerError:
This corporate app can't be accessed right now.
Please try again later...
Next Steps
Client request encountered an internal server error.
Quick Links
Learn more about Application Proxy services
Troubleshoot Application Proxy services
azure-active-directory edited Jan 21 at 11:52
Philippe Signoret
6,65512443
asked Jan 18 at 23:47
ManoharManohar
2318
add a comment |
I have a on-prem server which hosts a API, and I have exposed the API using the Azure AD Application Proxy using the steps mentioned here:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application
I am able to access the API via the proxy using OAuth 2.0 by getting authorization code from Azure AD, and then a token, specifying as resource the proxy URI.
Question is, how can I access the API without going through the OAuth 2.0 authorization flow?
I tried the client credential flow by creating another Web API App (App2) and given access to the proxy app. I am able to get the token using client credential flow using the steps below.
https://login.microsoftonline.com/{tenantid}/oauth2/token
?grant_type=client_credentials
&client_id={clientId}
&client_secret={secret}
&resource={proxyurl}
When I use this token to access the proxy API, it says
When I tried with token (by authorization flow) I am able to access the proxy API, but when I tried to access the proxy API using the token given to the App2, I think it should allow to access the API.
Current result is:
InternalServerError:
This corporate app can't be accessed right now.
Please try again later...
Next Steps
Client request encountered an internal server error.
Quick Links
Learn more about Application Proxy services
Troubleshoot Application Proxy services
azure-active-directory edited Jan 21 at 11:52
Philippe Signoret
6,65512443
asked Jan 18 at 23:47
ManoharManohar
2318
I cannot understand what you mean, could you make it clear? For example, you use app2 to access api by using oauth 2.0 authentication flow?
– SunnySun
Jan 21 at 3:07
How have you configured authentication in your on-premises app?
– Philippe Signoret
Jan 21 at 11:54
@PhilippeSignoret I am doing some tests so for now on prem app is just pass through. But if want to access from proxy it has to go through AAD auth (thats how I did setup). All I am looking is, I have configured azure proxy for onprem app, wanted to access from the background process, so looking for non user interactive authentication mechanism, If I understand correctly i.e client credential flow.
– Manohar
Jan 22 at 5:25
add a comment |
I have a on-prem server which hosts a API, and I have exposed the API using the Azure AD Application Proxy using the steps mentioned here:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application
I am able to access the API via the proxy using OAuth 2.0 by getting authorization code from Azure AD, and then a token, specifying as resource the proxy URI.
Question is, how can I access the API without going through the OAuth 2.0 authorization flow?
I tried the client credential flow by creating another Web API App (App2) and given access to the proxy app. I am able to get the token using client credential flow using the steps below.
https://login.microsoftonline.com/{tenantid}/oauth2/token
?grant_type=client_credentials
&client_id={clientId}
&client_secret={secret}
&resource={proxyurl}
When I use this token to access the proxy API, it says
When I tried with token (by authorization flow) I am able to access the proxy API, but when I tried to access the proxy API using the token given to the App2, I think it should allow to access the API.
Current result is:
InternalServerError:
This corporate app can't be accessed right now.
Please try again later...
Next Steps
Client request encountered an internal server error.
Quick Links
Learn more about Application Proxy services
Troubleshoot Application Proxy services
azure-active-directory edited Jan 21 at 11:52
Philippe Signoret
6,65512443
asked Jan 18 at 23:47
ManoharManohar
2318
I have a on-prem server which hosts a API, and I have exposed the API using the Azure AD Application Proxy using the steps mentioned here:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application
I am able to access the API via the proxy using OAuth 2.0 by getting authorization code from Azure AD, and then a token, specifying as resource the proxy URI.
Question is, how can I access the API without going through the OAuth 2.0 authorization flow?
I tried the client credential flow by creating another Web API App (App2) and given access to the proxy app. I am able to get the token using client credential flow using the steps below.
https://login.microsoftonline.com/{tenantid}/oauth2/token
?grant_type=client_credentials
&client_id={clientId}
&client_secret={secret}
&resource={proxyurl}
When I use this token to access the proxy API, it says
When I tried with token (by authorization flow) I am able to access the proxy API, but when I tried to access the proxy API using the token given to the App2, I think it should allow to access the API.
Current result is:
InternalServerError:
This corporate app can't be accessed right now.
Please try again later...
Next Steps
Client request encountered an internal server error.
Quick Links
Learn more about Application Proxy services
Troubleshoot Application Proxy services
azure-active-directory azure-active-directory edited Jan 21 at 11:52
Philippe Signoret
6,65512443
asked Jan 18 at 23:47
ManoharManohar
2318
edited Jan 21 at 11:52
Philippe Signoret
6,65512443
asked Jan 18 at 23:47
ManoharManohar
2318
edited Jan 21 at 11:52
Philippe Signoret
6,65512443
edited Jan 21 at 11:52
Philippe Signoret
6,65512443
edited Jan 21 at 11:52
Philippe Signoret
6,65512443
6,65512443
asked Jan 18 at 23:47
ManoharManohar
2318
asked Jan 18 at 23:47
ManoharManohar
2318
asked Jan 18 at 23:47
ManoharManohar
2318
2318
I cannot understand what you mean, could you make it clear? For example, you use app2 to access api by using oauth 2.0 authentication flow?
– SunnySun
Jan 21 at 3:07
How have you configured authentication in your on-premises app?
– Philippe Signoret
Jan 21 at 11:54
@PhilippeSignoret I am doing some tests so for now on prem app is just pass through. But if want to access from proxy it has to go through AAD auth (thats how I did setup). All I am looking is, I have configured azure proxy for onprem app, wanted to access from the background process, so looking for non user interactive authentication mechanism, If I understand correctly i.e client credential flow.
– Manohar
Jan 22 at 5:25
add a comment |
I cannot understand what you mean, could you make it clear? For example, you use app2 to access api by using oauth 2.0 authentication flow?
– SunnySun
Jan 21 at 3:07
How have you configured authentication in your on-premises app?
– Philippe Signoret
Jan 21 at 11:54
@PhilippeSignoret I am doing some tests so for now on prem app is just pass through. But if want to access from proxy it has to go through AAD auth (thats how I did setup). All I am looking is, I have configured azure proxy for onprem app, wanted to access from the background process, so looking for non user interactive authentication mechanism, If I understand correctly i.e client credential flow.
– Manohar
Jan 22 at 5:25
I cannot understand what you mean, could you make it clear? For example, you use app2 to access api by using oauth 2.0 authentication flow?
– SunnySun
Jan 21 at 3:07
I cannot understand what you mean, could you make it clear? For example, you use app2 to access api by using oauth 2.0 authentication flow?
– SunnySun
Jan 21 at 3:07
How have you configured authentication in your on-premises app?
– Philippe Signoret
Jan 21 at 11:54
How have you configured authentication in your on-premises app?
– Philippe Signoret
Jan 21 at 11:54
@PhilippeSignoret I am doing some tests so for now on prem app is just pass through. But if want to access from proxy it has to go through AAD auth (thats how I did setup). All I am looking is, I have configured azure proxy for onprem app, wanted to access from the background process, so looking for non user interactive authentication mechanism, If I understand correctly i.e client credential flow.
– Manohar
Jan 22 at 5:25
@PhilippeSignoret I am doing some tests so for now on prem app is just pass through. But if want to access from proxy it has to go through AAD auth (thats how I did setup). All I am looking is, I have configured azure proxy for onprem app, wanted to access from the background process, so looking for non user interactive authentication mechanism, If I understand correctly i.e client credential flow.
– Manohar
Jan 22 at 5:25
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54262823%2fhow-to-access-azure-proxy-api-using-client-credentials%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54262823%2fhow-to-access-azure-proxy-api-using-client-credentials%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I cannot understand what you mean, could you make it clear? For example, you use app2 to access api by using oauth 2.0 authentication flow?
– SunnySun
Jan 21 at 3:07
How have you configured authentication in your on-premises app?
– Philippe Signoret
Jan 21 at 11:54
@PhilippeSignoret I am doing some tests so for now on prem app is just pass through. But if want to access from proxy it has to go through AAD auth (thats how I did setup). All I am looking is, I have configured azure proxy for onprem app, wanted to access from the background process, so looking for non user interactive authentication mechanism, If I understand correctly i.e client credential flow.
– Manohar
Jan 22 at 5:25