I'm not sure why you'd like to use the get-authorization-context policy, but how about using APIM's managed identity to authenticate against Blob storage?
[Steps]
- Enable managed identity of your APIM instance. System assigned managed identity is simpler, but user assigned managed identity also works.
- Assign Blob storage owner role to APIM's managed identity.
- Use authentication-managed-identity and set-header policies to add authorization header in order to call Blob storage REST APIs.
Azure API Management policy reference - authentication-managed-identity | Microsoft Learn
<policies>
    <inbound>
        <base />
        <authentication-managed-identity resource="https://storage.azure.com/"
                                         output-token-variable-name="msi-access-token"
                                         ignore-error="false" />
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + (string)context.Variables["msi-access-token"])</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
After that, you should be able to manipulate blob contents using APIs exposed at APIM. If authentication at APIM is required, you should configure authentication.
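
The last point, authenticating callers at APIM before the managed identity token is attached, could look like the following. This is an added example, not part of the original answer: using validate-jwt with Microsoft Entra ID as the issuer is an assumption, `{tenant-id}` and `{apim-api-app-id}` are placeholders, and the x-ms-version header is included because Blob storage requires version 2017-11-09 or later for OAuth bearer tokens.

```xml
<policies>
    <inbound>
        <base />
        <!-- Validate the caller first: every request that passes this point
             reaches Blob storage with the managed identity's role. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      require-scheme="Bearer">
            <!-- Placeholder tenant: replace {tenant-id} with your own. -->
            <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
            <audiences>
                <!-- Placeholder audience: the app registration that represents this API. -->
                <audience>api://{apim-api-app-id}</audience>
            </audiences>
        </validate-jwt>
        <!-- Obtain a token for Blob storage with APIM's managed identity. -->
        <authentication-managed-identity resource="https://storage.azure.com/"
                                         output-token-variable-name="msi-access-token"
                                         ignore-error="false" />
        <!-- Replace the caller's token so it is never forwarded to the backend. -->
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + (string)context.Variables["msi-access-token"])</value>
        </set-header>
        <!-- Blob storage accepts OAuth tokens only with x-ms-version 2017-11-09 or later. -->
        <set-header name="x-ms-version" exists-action="override">
            <value>2017-11-09</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```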