question

lucileDFR-2926 avatar image
0 Votes"
lucileDFR-2926 asked MikeUrnun commented

Protect an API with azure AD (without policy)

Hello eveyone,

I've created some API (azure function) in Azure API management, I would like to protect the access of these API with a JWT token.
I want to authorize identified clients applications to access to theses APIs.
My clients apllications are registered in my Azure AD with clients id and secrets. They all have access to my backend application, registered in the same AD with some scopes associated, that should represent my different APIs from my API managment. These steps are explained here :


https://docs.microsoft.com/fr-fr/azure/api-management/api-management-howto-protect-backend-with-aad

I don't want in this scenario to identify the user connected but just to know that the application calling my api is the application registered in my AD with client and secret, I don't want to get access to user informations so I don't need any consent of policy.

When I'm using my client application to get my token, I have a redirection to agree policy, there is a way to use my AD to protect my API without these consent ?

I think this is quite simple but I can't found an easy solution.

Thanks for your help.

azure-api-managementazure-ad-app-registration
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @lucileDFR-2926 - Sorry for the long delay in our responses here. To confirm, during the JWT validation, you want to only check if the client ids match but you want to do it without the APIM policies?

0 Votes 0 ·

0 Answers