API Management - Security

Fede 21 Reputation points
2021-03-22T18:48:03.977+00:00

I just created an API and in the configuration, I set the authorization to Oauth 2.0. That has no effect on the actual API protection, so I had to then add a JWT policy to my API and it seems to be working OK.

I do not quite understand the role of the OAuth authorization flag in the API configuration, it seems not to have any effect. Does anyone know when and why it is needed ?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,679 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pramod Valavala 20,511 Reputation points Microsoft Employee
    2021-03-23T05:42:20.757+00:00

    @Fede The OAuth Configuration in the portal is all for the developer portal experience. The actual step that protects the API by validating the JWT Token is the validate-jwt policy which needs to be included in your policies.


0 additional answers

Sort by: Most helpful