» azurerm_api_management_authorization_server

Manages an Authorization Server within an API Management Service.

» Example Usage

data "azurerm_api_management_api" "example" {
  name                = "search-api"
  api_management_name = "search-api-management"
  resource_group_name = "search-service"
  revision            = "2"
}

resource "azurerm_api_management_authorization_server" "example" {
  name                         = "test-server"
  # Reference the data source declared above (azurerm_api_management_api).
  api_management_name          = "${data.azurerm_api_management_api.example.api_management_name}"
  resource_group_name          = "${data.azurerm_api_management_api.example.resource_group_name}"
  display_name                 = "Test Server"
  authorization_endpoint       = "https://example.mydomain.com/client/authorize"
  client_id                    = "42424242-4242-4242-4242-424242424242"
  client_registration_endpoint = "https://example.mydomain.com/client/register"

  # authorization_methods is a required argument (see Argument Reference).
  authorization_methods = [
    "GET",
  ]

  grant_types = [
    "authorizationCode",
  ]
}

» Argument Reference

The following arguments are supported:

  • api_management_name - (Required) The name of the API Management Service in which this Authorization Server should be created. Changing this forces a new resource to be created.

  • authorization_methods - (Required) The HTTP Verbs supported by the Authorization Endpoint. Possible values are DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT and TRACE.

  • authorization_endpoint - (Required) The OAuth Authorization Endpoint.

  • client_id - (Required) The Client/App ID registered with this Authorization Server.

  • client_registration_endpoint - (Required) The URI of the page where Client/App Registration is performed for this Authorization Server.

  • display_name - (Required) The user-friendly name of this Authorization Server.

  • grant_types - (Required) Form of Authorization Grants required when requesting an Access Token. Possible values are authorizationCode, clientCredentials, implicit and resourceOwnerPassword.

  • name - (Required) The name of this Authorization Server. Changing this forces a new resource to be created.

  • resource_group_name - (Required) The name of the Resource Group in which the API Management Service exists. Changing this forces a new resource to be created.


  • bearer_token_sending_methods - (Optional) The mechanism by which Access Tokens are passed to the API. Possible values are authorizationHeader and query.

  • client_authentication_method - (Optional) The Authentication Methods supported by the Token endpoint of this Authorization Server. Possible values are Basic and Body.

  • client_secret - (Optional) The Client/App Secret registered with this Authorization Server.

  • default_scope - (Optional) The Default Scope used when requesting an Access Token, specified as a string containing space-delimited values.

  • description - (Optional) A description of the Authorization Server, which may contain HTML formatting tags.

  • resource_owner_password - (Optional) The password associated with the Resource Owner.

  • support_state - (Optional) Does this Authorization Server support State? If this is set to true, the client may use the state parameter to improve protocol security.

  • token_body_parameter - (Optional) A token_body_parameter block as defined below.

  • token_endpoint - (Optional) The OAuth Token Endpoint.


A token_body_parameter block supports the following:

  • name - (Required) The Name of the Parameter.

  • value - (Required) The Value of the Parameter.
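
A hardened variant of the Example Usage configuration, added here as an example and not taken from the provider documentation: it keeps the client secret out of the source file and picks the stricter of the documented values for grant type, token transport and state. The variable name oauth_client_secret, the resource label hardened and the token endpoint URL are assumptions.

```hcl
# Added example. Names marked "assumed" are illustrative, not provider-defined.
# Supply the secret out of band, e.g. through the TF_VAR_oauth_client_secret
# environment variable, instead of committing it to the configuration.
variable "oauth_client_secret" {
  description = "Client secret registered with the authorization server"
}

data "azurerm_api_management_api" "example" {
  name                = "search-api"
  api_management_name = "search-api-management"
  resource_group_name = "search-service"
  revision            = "2"
}

resource "azurerm_api_management_authorization_server" "hardened" {
  name                = "test-server"
  api_management_name = "${data.azurerm_api_management_api.example.api_management_name}"
  resource_group_name = "${data.azurerm_api_management_api.example.resource_group_name}"
  display_name        = "Test Server"

  authorization_endpoint       = "https://example.mydomain.com/client/authorize"
  token_endpoint               = "https://example.mydomain.com/client/token" # assumed URL
  client_registration_endpoint = "https://example.mydomain.com/client/register"

  # Allow only the verb the authorization endpoint needs, not the full list.
  authorization_methods = ["GET"]

  # authorizationCode only. The implicit grant returns tokens in the redirect
  # URL, and resourceOwnerPassword hands the user's password to the client.
  grant_types = ["authorizationCode"]

  # Have the client send the state parameter so the authorization response
  # can be tied to the request that started it (CSRF protection).
  support_state = true

  # Send tokens in the Authorization header. The "query" value puts them in
  # URLs, where they end up in access logs, proxies and browser history.
  bearer_token_sending_methods = ["authorizationHeader"]

  client_id     = "42424242-4242-4242-4242-424242424242"
  client_secret = "${var.oauth_client_secret}"
}
```

The secret is still written to the Terraform state file in plain text, so the state backend needs access control and encryption at rest.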

» Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the API Management Authorization Server.

» Import

API Management Authorization Servers can be imported using the resource id, e.g.

terraform import azurerm_api_management_authorization_server.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ApiManagement/service/service1/authorizationServers/server1