I've never leaned how this works in practice, kudos for this nice vid!

This was quick but good. I have used Oauth plenty as a developer, but have never setup it up with Azure.

Perfect! Loved the fact this this has clear explanation of what is being registered in AD and why. Thanks! helped me in setting up APIM.

Thank you it helped with my project!

short and sweet demo with precise steps. Thank you :)

Simply amazing! You have helped so much on a tight deadline!

Sweet and short! It helped me resolved my task!!

Great video, really helped me understand the process and setup a simple demo api with oauth i can build upon.

very to the point thanks !

Can't you bypass a pim if you get the function app URL, what's protecting it at that level?

Great video. Thanks for spending time to put it together.

Thanks, great video

Very good guide. Thank you.

Thank you very much for your video, but I had a question: If I have more than one customer wanting to use my api, do I always need to create a new app for them to access? If so, how do I dynamically add a new scope in APIM policies?

Is there a way to use another identity provider such as Okta or Auth0 and perform OIDC flow?

@Sri Gunnala- Hi Sri Gunnala, I am able to generate the access token by configuring this and also added the jwt-validation policy in inbound request of the api to protect it. The problem is even though I have added the aut token as bearer, it shows invalid auth token error. Do I need to make any configuration related settings in apim itself for open-id connect

Thanks buddy... but what about refresh token, how that will be generated and validated

Interesting.. is it possible to protect only few endpoints which path starts with some prefix? for example lets say /public/* are unprotected and /protected/api/* are all protected

quick and informative

Hi @Sri Gunnala, thanks for the video. I have one doubt. If we can authentication in function app itself, then why do we need to configure Api management service?

I don't want to supply client secret in client scripts ... we have thousands of devices call APIs through APIM. I don't want share client secret in devices

Great video! I want to secure powerautomate when a http request is recieved flow through api management could you please do a video on this as its not available in the entire internet.

Hi Sri, Can we apply SharePoint permissions to the azure app and authenticate the SharePoint api?

I am getting security recommendation as API endpoints in azure api management should be authenticated. I have openai as backend & I dont want to use Azure AD. How should I resolve this issue using other self service setup other than Azure AD. Can you please guide me on this?

Given that I know the url to the backend function, what stops me from calling it directly?

how does this work in the dev portal?