Configuring Azure for Dynamic Client Registration
Prerequisites
- Enterprise Konnect account.
- An Azure AD account.
Note: Dynamic client registration supports Azure OAuth v1 token endpoints only. v2 is not supported.
Configure Azure
In Azure, create the main application:
- In Azure Active Directory, click App registrations and then click New registration.
- Enter a name for the application.
- Ensure Accounts in this organizational directory only is selected for Supported account types.
- Click Register.
- On the application view, go to API permissions, click Add permissions > Microsoft Graph and select the following:
  - Application.Read.All
  - Application.ReadWrite.All
  - Application.ReadWrite.OwnedBy
  - User.Read
- Once added, click Grant admin consent. An administrator with Global Admin rights is required for this step.
- Select Certificates & secrets and then create a client secret and save it in a secure location. You can only view the secret once.
- On the Overview view, note your Directory (tenant) ID and Application (client) ID.
Configure the Dev Portal
Once you have Azure configured, you can set up the Dev Portal to use Azure for dynamic client registration (DCR).
- Sign in to Konnect, then select Dev Portal from the menu.
- Click Settings to open the Dev Portal settings.
- Click the Application Setup tab to open the DCR settings for your Dev Portal.
- Select Azure as the external identity provider.
- Enter the Issuer for your Azure tenant. It will look something like https://sts.windows.net/YOUR_TENANT_ID.
- Enter appid in the Consumer claims field.
- Select the auth method you want to enable.
- Enter your Application (client) ID from Azure in the Initial Client ID field.
- Enter the Client secret from the admin application created in Azure into the Initial Client Secret field.
- Click Save. If you previously configured any DCR settings, this will overwrite them.
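As an added example (not Kong's or Azure's own code) of how the Issuer and Consumer claims settings above are used when a request arrives, this Python snippet extracts the consumer identity from a v1 Azure access token and rejects tokens from the v2 issuer, which carry azp rather than appid. The tenant ID and the sample tokens are constructed, and signature verification against the tenant's signing keys is assumed to have happened before this step.

```python
import base64
import json
import time
from typing import Optional

# Values constructed for this example: substitute your own tenant ID.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
EXPECTED_ISSUER = f"https://sts.windows.net/{TENANT_ID}"  # as entered in the Issuer field
CONSUMER_CLAIM = "appid"  # as entered in the Consumer claims field


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def consumer_from_token(token: str, now: Optional[float] = None) -> str:
    """Return the consumer identifier carried in a v1 Azure access token.

    Applies the issuer and expiry checks a gateway performs before mapping the
    token to a Dev Portal application. Signature verification against the
    tenant's signing keys is assumed to happen before this and is not shown.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated segments)")
    claims = json.loads(_b64url_decode(parts[1]))
    # v1 tokens are issued by https://sts.windows.net/<tenant>/ and carry appid;
    # v2 tokens come from https://login.microsoftonline.com/<tenant>/v2.0 and
    # carry azp instead, which is why a v2 token cannot be mapped here.
    if str(claims.get("iss", "")).rstrip("/") != EXPECTED_ISSUER.rstrip("/"):
        raise ValueError(f"issuer mismatch: {claims.get('iss')!r}")
    now = time.time() if now is None else now
    if now >= float(claims.get("exp", 0)):
        raise ValueError("token expired")
    if CONSUMER_CLAIM not in claims:
        raise ValueError(f"token carries no {CONSUMER_CLAIM} claim")
    return str(claims[CONSUMER_CLAIM])


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token (bogus signature) for demonstration only."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.bogus-signature"
```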
Create an application with DCR
From the My Apps page in the Dev Portal, follow these instructions:
- Click the New App button.
- Fill out the Create New Application form with your application name and a description.
- Click Create to save your application.
- After your application has been created, you will see the Client ID and Client Secret. Store these values, they will only be shown once.
- Click Proceed to continue to the application's details page.
Once your application is created, you will see it in Azure. From your Azure homepage select App registrations > All applications. You will see your application that was created in the Dev Portal.
Make a successful request
In the previous steps, you obtained the Client ID and Client Secret. To authorize the request, you must send this client ID and secret pair as HTTP Basic credentials in the Authorization header. You can do this using any API client, such as Insomnia, or directly from the command line:
curl example.com/REGISTERED_ROUTE -u CLIENT_ID:CLIENT_SECRET
Where example.com is the address of the data plane node. The -u option makes curl base64-encode CLIENT_ID:CLIENT_SECRET and send it as an Authorization: Basic header, which is the encoding the Basic scheme requires.
You can also request a bearer token from Azure using this command, using an OAuth2 v1 token endpoint. The token endpoint only accepts POST requests:
curl --request POST \
--url https://login.microsoftonline.com/TENANT_ID/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id=CLIENT_ID \
--data 'scope=https://graph.microsoft.com/.default' \
--data 'client_secret=CLIENT_SECRET'