Token Validation Using APIM with Third party IDP for Protecting Backend API

Naman Shah 35 Reputation points
2023-05-13T21:28:50.4933333+00:00

Hello!

We are integrating with a third-party identity provider. The IdP provides a well-known URL, and we have configured it as below.

<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <openid-config url="https://idp.xyz.com:443/.well-known/openid-configuration" />
    <required-claims>
        <claim name="client_id">
            <value>channelID</value>
        </claim>
    </required-claims>
</validate-jwt>

1 answer

  1. MuthuKumaranMurugaachari-MSFT 22,256 Reputation points
    2023-05-16T14:06:51.6833333+00:00

    Naman Shah, thanks for posting your question in Microsoft Q&A. As per the doc validate-jwt-policy#usage-notes, the policy supports the RS256 algorithm, but the key must be provided either via the OpenID configuration endpoint or by providing the ID of the uploaded certificate in the policy via issuer-signing-keys.

    User's image

    The exception above reports Number of keys in Configuration: '0', i.e. the key is not provided via the OpenID configuration endpoint and the key is missing in the policy above. So, you would have to specify it via the policy, and we have a few examples in the doc that would be helpful in doing the validation.

    I hope this helps and let me know if you have any questions.


    If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and I would be happy to answer your questions.

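To see why a validator would report zero keys for a discovery URL like the one in the question, the following added example (not part of the original thread and not Microsoft's code) inspects an OpenID configuration document and its JWKS for keys usable with RS256. The key filter is an assumption about what an RS256 verifier needs, not APIM's exact logic, and the sample documents are constructed.

```python
import json
import sys
import urllib.request

def usable_rs256_keys(jwks):
    """Return the JWKS entries a verifier could use to check an RS256 signature."""
    usable = []
    for key in jwks.get("keys", []):
        if key.get("kty") != "RSA":
            continue                      # RS256 needs an RSA public key
        if key.get("use", "sig") != "sig":
            continue                      # encryption-only keys do not verify tokens
        if key.get("alg", "RS256") != "RS256":
            continue                      # key is pinned to a different algorithm
        if not (key.get("n") and key.get("e")):
            continue                      # modulus or exponent missing
        usable.append(key)
    return usable

def diagnose(discovery, jwks):
    """Explain whether the discovery document leads to any RS256 signing key."""
    if not discovery.get("jwks_uri"):
        return "discovery document has no jwks_uri: validator sees 0 keys"
    count = len(usable_rs256_keys(jwks or {}))
    if count == 0:
        return "jwks_uri publishes 0 usable RS256 keys: supply issuer-signing-keys in the policy"
    return f"{count} usable RS256 key(s) published"

def fetch_json(url):
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

# Constructed sample documents (not captured from any real IdP).
SAMPLE_DISCOVERY = {"issuer": "https://idp.example", "jwks_uri": "https://idp.example/jwks"}
SAMPLE_JWKS_EMPTY = {"keys": []}
SAMPLE_JWKS_ENC_ONLY = {"keys": [{"kty": "RSA", "use": "enc", "kid": "e1", "n": "AQAB", "e": "AQAB"}]}
SAMPLE_JWKS_OK = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "s1", "n": "sXch", "e": "AQAB"}]}

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # live check: pass the well-known URL as argument
        disc = fetch_json(sys.argv[1])
        jwks = fetch_json(disc["jwks_uri"]) if disc.get("jwks_uri") else None
        print(diagnose(disc, jwks))
    else:                                 # offline run over the constructed samples
        for sample in (SAMPLE_JWKS_EMPTY, SAMPLE_JWKS_ENC_ONLY, SAMPLE_JWKS_OK):
            print(diagnose(SAMPLE_DISCOVERY, sample))
```

Run it with the IdP's well-known URL as the only argument to check the live endpoint, or with no arguments to see the three constructed cases.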