@Fede The OAuth Configuration in the portal is all for the developer portal experience. The actual step that protects the API by validating the JWT Token is the validate-jwt policy which needs to be included in your policies.
API Management - Security
Fede 21 Reputation points
I just created an API and in the configuration, I set the authorization to OAuth 2.0. That has no effect on the actual API protection, so I had to then add a JWT policy to my API and it seems to be working OK.
I do not quite understand the role of the OAuth authorization flag in the API configuration; it seems not to have any effect. Does anyone know when and why it is needed?
Accepted answer
Pramod Valavala 20,591 Reputation points Microsoft Employee
2021-03-23T05:42:20.757+00:00
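A `validate-jwt` inbound policy of the kind the accepted answer refers to, as an added example that is not part of the original thread. The identity-provider URL, audience, issuer and scope values are constructed placeholders and must be replaced with those of the OAuth 2.0 server actually in use.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the request with 401 unless the Authorization header
             carries a signed, unexpired bearer token that passes every
             check below. Without this policy the gateway forwards the call
             regardless of the OAuth 2.0 setting on the API. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Access token is missing or invalid.">
            <!-- Signing keys are fetched from the provider's OpenID Connect
                 metadata document (placeholder URL). -->
            <openid-config url="https://login.example.com/.well-known/openid-configuration" />
            <!-- The token must have been issued for this API, not for some
                 other application registered with the same provider. -->
            <audiences>
                <audience>api://example-api-id</audience>
            </audiences>
            <!-- Accept tokens from the expected issuer only. -->
            <issuers>
                <issuer>https://login.example.com/</issuer>
            </issuers>
            <!-- Require at least one of the listed scopes in the "scp" claim
                 (claim name and scope values are placeholders). -->
            <required-claims>
                <claim name="scp" match="any" separator=" ">
                    <value>Example.Read</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Pinning both the audience and the issuer matters: a policy that only checks the signature accepts any token the provider has issued, including ones minted for unrelated applications.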