debugging azure api managers use of the AAD token endpoint


 

To see what parameters are send to AAD STS, for token issuing as part of the oauth2 handshake,  we configured API manager to use an azure website – rather than AAD – as the token issuer.

image

 

The website is just a hosted ASp.NET web form project, running in the remote debugger, to which we added a beginrequest handler – so we can inspect the request

image

 

image

The posted form has the following parameters:
       {grant_type=authorization_code&code=AAABAAAAvPM1KaPlrEqdFSBzjqfTGKuDarHWcVaE_gAW-T8bBEhryxGinvUkA66Jt-uxbmRl8J5rjUc0aFJi94eDUoO9Bnt-6NR2sXVQYRXhygLUhjdLYrV9UmlBKZu2U_WZFSXO1_6oeIr-1Phz7VoooKJm0Vmh-N4lfUYdPTsbpgbWMhqA60jkFdiGbAwL0ocUrPw-4V8-8PwddLb1mcFOcGERx1jKa62ffZ9L22tJwkAgHhQPvk4K4TDAq60YY1JMWMgUeL9zc3oT_C6AXv6BkiK-cDm6mE9vx3ZTqz6oHP6LdUqE4QO6hukp7ptcr2Tl15WpJus-Ro4hM4gmdXer7hlwBVM22RLdPBKKZOsm649q12SokmOTdhgHcUX0y2aDxqNPhcTwy0z1QNj6pdZ4PiEVJ9i-qxvZrdB2MUSUNrJ7Lw5bEvzD1rM_eSOPjx-rKwu6gSWqYTNFbXcaBgEoQA6m8PULBdItUNwVwjcyeXTHvEhqrYJLBGdhjpucFGTDYqiteM5zyhFj-GiRkS–9x0kv4vg9TbYl0fLFv8bJwjkG19yZIwVKCVelzZ3TVvsQfyT9srcFCCv6BGu2QnLgA-la0Vksu9NnXHh1hpnO1drt7QLXj6p2FTHhCIDEKv1EobQJwFol8yrsTSdi4wJnYa-dvObvFmXn_8nBw57qKFRp-ogAA&redirect_uri=https%3a%2f%2frapmlsqa.portal.azure-api.net%2fdocs%2fservices%2f54e4f45e73c60f106453dac3%2fconsole%2foauth2%2fauthorizationcode%2fcallback&client_id=0bc904ae-3f2c-4ec7-8b71-40f7207112f0&client_secret=fV1OJsfRFOTDdIqTzs%2fdZCRJkHvcPr9fZGJhWo1dQNg%3d}  

Advertisements

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in api manager. Bookmark the permalink.