Secure Logic App with API Management using OAuth 2.0
Nov 4 · 3 min read
Overview:
This article walks through securing an HTTP-triggered Logic App by fronting it with Azure API Management (APIM) and requiring an Azure Active Directory OAuth 2.0 access token, validated by an APIM policy, before the request reaches the Logic App.

Requirements:
1. Azure subscription
2. Postman
Create HTTP Trigger Based Logic App

Create API Management Instance

Add New API in APIM

Add Operation to API

Set Backend of API operation as Azure Resource (Logic App)

At this point you can verify that the API works with no security applied; the following steps add OAuth 2.0 protection in front of it.

Create New API for Login

Add Operation to get Token

Now secure the Logic App API with OAuth 2.0 using Azure Active Directory.
Create two application registrations in Azure Active Directory: one for the API client and one for the API itself.
Create Application for Logic APP API Client

Create Application for Logic APP API

Expose Scope from Logic App API

Give permission of this Scope into Logic App API Client

Add Client Secret to Logic App API Client Application
Add a policy to the API operation to validate the JWT token. The openid-config URL lets APIM fetch the tenant's signing keys, and the aud claim must match the Logic App API application (either the App ID URI or the bare Application ID):
    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
        <openid-config url="https://login.microsoftonline.com/{Tenant ID}/.well-known/openid-configuration" />
        <required-claims>
            <claim name="aud" match="any">
                <value>api://{Application Id of Logic App API}</value>
                <value>{Application Id of Logic App API}</value>
            </claim>
        </required-claims>
    </validate-jwt>

Make sure the Authorization header is removed before the request is forwarded to the Azure Logic App: the bearer token is meant for APIM, not for the backend.
    <set-header id="apim-generated-policy" name="Authorization" exists-action="delete" />
Verify API from browser

Test using Postman
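As an added example (not part of the original article), the client side of the flow above in Python: requesting a client-credentials token from Azure AD for the Logic App API application, mirroring the policy's aud check so you can inspect a token before sending it, and calling the APIM operation with the bearer header. Tenant ID, application IDs, the client secret and the APIM URL are placeholders you supply; the sample token is constructed and unsigned, for offline inspection only.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

LOGIN = "https://login.microsoftonline.com"

def token_request(tenant_id, client_id, client_secret, api_app_id):
    """v2.0 client-credentials request for a token addressed to the Logic App API
    app registration (scope api://{api_app_id}/.default). Returns (url, form)."""
    url = f"{LOGIN}/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": f"api://{api_app_id}/.default"}
    return url, form

def fetch_token(tenant_id, client_id, client_secret, api_app_id):
    """POST the form above to Azure AD and return the access_token (network call)."""
    url, form = token_request(tenant_id, client_id, client_secret, api_app_id)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def accepted_audiences(api_app_id):
    """The two aud values the policy lists: v1 tokens carry the App ID URI,
    v2 tokens carry the bare application (client) id."""
    return {f"api://{api_app_id}", api_app_id}

def audience_matches(jwt, api_app_id):
    """Mirror of <claim name="aud" match="any">. Decodes the payload WITHOUT checking
    the signature: that is APIM's job (keys from the openid-configuration URL), so
    use this only to inspect a token, never to authorize anything."""
    payload = jwt.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return claims.get("aud") in accepted_audiences(api_app_id)

def call_api(apim_url, access_token):
    """Call the APIM operation with the bearer token; 401 means validate-jwt rejected it."""
    req = urllib.request.Request(apim_url, headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def sample_token(aud):
    """Constructed token with an empty signature part, for offline checks of the aud logic."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'aud': aud})}."
```

With real IDs, `call_api(apim_url, fetch_token(...))` should return 200, and `call_api(apim_url, "")` should return the policy's 401.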
