avatarsimbu

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

1811

Abstract

tter app on iOS.</a></li><li><a href="https://readmedium.com/flutter-microsoft-api-management-secured-with-ad-msal-for-android-99da0396eb5d">MSAL — Authenticating your Flutter app on Android.</a></li><li><a href="https://readmedium.com/flutter-microsoft-api-management-secured-with-ad-msal-for-the-web-905c46d5c45d">MSAL — Authenticating your Flutter app on the Web.</a></li></ul><p id="0b9b">If you interested in the Azure setup take a look at the articles about creating an API Management service and hosting your API’s behind a gateway:</p><ul><li><a href="https://readmedium.com/flutter-microsoft-api-management-secured-with-ad-web-api-adaa189d34e5">Web API — Setting up your Web API with Visual Studio.</a></li><li><a href="https://readmedium.com/flutter-microsoft-api-management-secured-with-ad-apim-service-771a5100fb69">APIM Service — Creating an API management service in Azure.</a></li><li><a href="https://readmedium.com/flutter-microsoft-api-management-secured-with-ad-secure-gateway-f75622a2e08f">Secure Gateway — Securing requests through the API gateway.</a></li><li><a href="https://readmedium.com/flutter-microsoft-api-management-secured-with-ad-hosted-api-91e414443e79">Hosted API — Hosting your Web API’s on Azure.</a></li><li><a href="https://readmedium.com/flutter-microsoft-api-management-secured-with-ad-hosted-gateway-ce558e9db067">Secure Hosted API — Secure requests with the APIM Gateway</a></li></ul><p id="07b3">That should be enough to get your application working with Azure Identity & API services, or give you a starting point if you are in charge of setting up the Azure services.</p><p id="a619">You will need to do more research around your user profiles, networking, API standards, CI/CD etc.. to get the right setup for you and your applications.</p><h1 id="7912">XP</h1>

Options

<p id="baaa">The API is protected by an APIM gateway policy that requires an OAuth Bearer token which our Azure AD issues.</p><p id="267f">To set this up and secure our API we had to register the client application and the API application in our Azure AD and give the client application permission to use the API.</p><figure id="6e29"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*4L4xd14Vf-LUnaOAKrr-XQ.png"><figcaption>Client and API Apps registered with Azure AD.</figcaption></figure><p id="e063">There are a number of options to assign permissions in Azure AD, in our examples we assigned the client application permission, but we could equally get the API application to allow the client application permission to one or all of the scopes it defines by adding a client in the Expose an API view:</p><figure id="cede"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*xqn6GJ90KWWQH93Qgbl9aw.png"><figcaption>From czmiel24 article on “Configuring Scopes in Azure Active Directory (Part 2)”</figcaption></figure><p id="c23f"><a href="https://dev.to/czmiel24">czmiel24</a> has written a nice three part series on <a href="https://dev.to/czmiel24/configuring-scopes-in-azure-active-directory-part-1-3bio">Configuring Scopes in Azure Active Directory</a> with links to a good <a href="https://youtu.be/996OiexHze0">video on OAuth2</a>.</p><p id="00e5">You can use <a href="https://jwt.io/">jwt.io</a> to deserialise your tokens to see what is going on in the exchange.</p><p id="4702">Here is an example access token that was issued when authenticating an API request using Postman:</p><figure id="97ec"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*APJ9vYCpr5EkR9hvPxsGug.png"><figcaption>Example token investigation</figcaption></figure></article></body>
Join Medium to view all my articles.

Flutter — Secure your App with Microsoft’s Identity Platform (AAD & APIM)

Use the Microsoft identity platform and our open-source authentication libraries to sign in users with Azure AD accounts, Microsoft accounts, and social accounts like Facebook and Google. Protect your web APIs and access protected APIs like Microsoft Graph to work with your users’ and organization’s data.

Microsoft Identity Platform

Comprehensive security and compliance, built in

Not the most interesting read, but it feels good to get security across the line, leaving yourself free to develop applications.

Flutter Apps secured with MS Identity platform

To integrate your Flutter Apps with the MS identity platform, take a look at my articles on the Microsoft Authentication Library (MSAL):

If you interested in the Azure setup take a look at the articles about creating an API Management service and hosting your API’s behind a gateway:

That should be enough to get your application working with Azure Identity & API services, or give you a starting point if you are in charge of setting up the Azure services.

You will need to do more research around your user profiles, networking, API standards, CI/CD etc.. to get the right setup for you and your applications.

XP

The API is protected by an APIM gateway policy that requires an OAuth Bearer token which our Azure AD issues.

To set this up and secure our API we had to register the client application and the API application in our Azure AD and give the client application permission to use the API.

Client and API Apps registered with Azure AD.

There are a number of options to assign permissions in Azure AD, in our examples we assigned the client application permission, but we could equally get the API application to allow the client application permission to one or all of the scopes it defines by adding a client in the Expose an API view:

From czmiel24 article on “Configuring Scopes in Azure Active Directory (Part 2)”

czmiel24 has written a nice three part series on Configuring Scopes in Azure Active Directory with links to a good video on OAuth2.

You can use jwt.io to deserialise your tokens to see what is going on in the exchange.

Here is an example access token that was issued when authenticating an API request using Postman:

Example token investigation
Flutter
API
Microsoft
Identity Management
Oauth2
Recommended from ReadMedium