Hi All,
I want to use Azure APIM as a client to invoke Auth0 management APIs.
The workflow looks like this.
Client application calls APIM → APIM creates an Auth token and calls Auth0 management API → APIM returns response to the client application.
I was going through this documentation (sorry, it is not allowing me to paste a link, but you can find this in the documentation under Integrations > Azure API Management), and it states:
Using Auth0 as an OAuth 2.0 server to authenticate users wanting access to an API managed by the Azure API Management service
But my use case is to have APIM create an auth token and call the Auth0 management API and return a response.
Are there any instructions to achieve this?
Hi @TechThiru,
Welcome to the Auth0 Community!
I understand what you are trying to achieve with creating an APIM calling the Auth0 Management API, which is indeed the reverse mechanism of the current integration detailed in this article - Integrate with Azure API Management.
This flow is fully supported by a recently added feature from Microsoft, the Azure APIM Credential Manager using the Generic OAuth 2.0 provider, since Auth0 is not yet listed as a primary provider, so unfortunately there is no current documentation on our side that would provide this type of guidance. In this scenario it would be beneficial to create a feature request both on Microsoft’s forum, but also here in Auth0, since others might be interested as well in supporting this use case.
Generic steps needed on Auth0’s side to allow the APIM service to request a token with the Client Credentials grant would include:
- Create an M2M Application: In the Auth0 Dashboard, create a Machine to Machine (M2M) Application
- Authorize Management API: Go to the application’s settings, click the APIs tab, and authorize the application to access the Auth0 Management API
- Grant Scopes: Grant the application the specific scopes it needs (e.g., read:users, update:users).
- Gather Credentials: Record the Client ID, Client Secret, Domain, and the Audience (the Management API Identifier).
Then I would suggest following Microsoft’s documentation, specifically the general process for setting up a custom OAuth 2.0 provider with the Client Credentials flow, described under this Microsoft page - Configure common credential providers in credential manager.
I hope this helps!
Best regards,
Remus
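The Client Credentials request that the steps above prepare for, with a check that the issued token is scoped to exactly what was granted, as an added example that is not part of the original posts or of Auth0's or Microsoft's documentation. The tenant domain, client ID and secret are placeholders, the sample token is constructed and unsigned, and the check assumes the Management API access token is a JWT carrying `aud` and `scope` claims.

```python
import base64
import json
import urllib.request

REQUIRED_SCOPES = {"read:users", "update:users"}  # the scopes named in the answer

def management_audience(domain):
    return f"https://{domain}/api/v2/"  # Management API identifier

def build_token_request(domain, client_id, client_secret):
    """Build (not send) the Client Credentials request for /oauth/token."""
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "audience": management_audience(domain)}
    return urllib.request.Request(
        f"https://{domain}/oauth/token", data=json.dumps(body).encode(),
        method="POST", headers={"Content-Type": "application/json"})

def jwt_claims(token):
    """Decode the JWT payload for inspection only; no signature check here."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token(resp, domain, required=REQUIRED_SCOPES):
    """Return problems found in a token response; an empty list means it fits."""
    problems = []
    if resp.get("token_type", "").lower() != "bearer":
        problems.append("token_type is not Bearer")
    claims = jwt_claims(resp["access_token"])
    aud = claims.get("aud", [])
    if management_audience(domain) not in ([aud] if isinstance(aud, str) else aud):
        problems.append("audience is not the Management API")
    granted = set(claims.get("scope", "").split())
    if required - granted:
        problems.append("missing scopes: " + " ".join(sorted(required - granted)))
    if granted - required:
        problems.append("excess scopes: " + " ".join(sorted(granted - required)))
    return problems

def sample_response(domain, scope):
    """Constructed, unsigned sample shaped like a token response (not real data)."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    claims = {"aud": management_audience(domain), "scope": scope}
    return {"access_token": ".".join([seg({"alg": "none"}), seg(claims), ""]),
            "token_type": "Bearer", "expires_in": 86400}

if __name__ == "__main__":
    d = "tenant.example.com"  # placeholder tenant domain
    print(check_token(sample_response(d, "read:users delete:users"), d))
```

Running `check_token` against a token from the real M2M application before wiring it into APIM shows whether the application was granted more Management API scopes than the gateway needs.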