Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
ADB2C and APIM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 3%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Abhay Chandramouli
1,061
Reputation points
Hi,
I am trying to validate ADB2C Token using validate-jwt in Azure API Management.
Code:
<validate-jwt token-value="@(context.Variables.GetValueOrDefault<string>("b2cTokenValue"))" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized" require-expiration-time="true" require-signed-tokens="true">
<openid-config url="@(context.Variables.GetValueOrDefault<string>("well-known-ep"))" />
<audiences>
<audience>{{audience-1}}</audience>
<audience>{{audience-2}}</audience>
</audiences>
<issuers>
<issuer>{{adb2c-issuer}}</issuer>
</issuers>
</validate-jwt>
Result:
Can you please help me ?
Azure API Management
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
-
Deepanshu katara 18,150 Reputation points MVP Volunteer Moderator2023-08-28T11:19:40.38+00:00 Hello , Hope you are having good day , can you please share the error you are facing?
-
Abhay Chandramouli 1,061 Reputation points
2023-08-28T13:24:50.99+00:00 My bad.. missed it
Result: IDX10500: Signature validation failed. No security keys were provided to validate the signature.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JananiRamesh-MSFT 29,446 Reputation points Moderator2023-08-28T17:13:26.2733333+00:00 Hi
Abhay Chandramouli Thanks for reaching out. Please send an email to azcommunity@microsoft.com referencing this thread with below requested information. Please mention "ATTN Janani" in the subject field. I will gladly assist you further.share the Ocp-APIM-Trace to investigate further refer this link https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-api-inspector#trace-a-call
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-api-inspector#enable-tracing-using-ocp-apim-trace-header to get the ocp apim trace.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2023-09-04T13:40:59.25+00:00 Hey - it should be easy - but you need to be careful that the values you are validating against (for example the issuer) match the claims in the b2c token
The easiest way to do this is capture a b2c token from the sign in policy test (b2c portal) and extract using jwt.ms (or similar) then you know the values you need to configure into APIM
Sign in to comment
Sign in to answer