Adding support to HTTP signature to token request URL (AD)

Claudio Resende 126 Reputation points
2021-04-20T06:56:06.423+00:00

I have AKS services being accessed through API Management, I am securing it with OAuth2.
For getting the token through client credential flow the user calls https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
I would like to enforce this URL with HTTP Signature as documented here https://tools.ietf.org/html/draft-cavage-http-signatures-10.

Would it be possible to enforce the token request in Azure?

Azure API Management

An Azure service that provides a hybrid, multi-cloud management platform for APIs.

Azure Application Gateway

An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,741 Reputation points Volunteer Moderator
    2021-04-23T16:36:21.573+00:00

    Hello @Claudio Resende ,

    Thanks for reaching out.

    Tokens issued by Azure AD are signed using industry standard asymmetric encryption algorithms, such as RS256, therefore Signing HTTP Messages

    Azure AD token, the signature segment can be used to validate the authenticity of the token so that it can be trusted by your app. More information: https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature.

    Hope this helps.

    --------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

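The signature check the answer points to, as an added example that is not part of the original answer or Microsoft's code: it validates the RS256 signature segment of a compact JWT using only the Python standard library. The demo key (built from two Mersenne primes), the claims and all helper names are constructed for illustration; a real validator uses the issuer's published signing key and also checks claims such as issuer, audience and expiry.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Constructed demo key built from two Mersenne primes; not a real issuer key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def emsa_pkcs1_v15(signing_input: bytes, k: int) -> bytes:
    """Padded block an RS256 signature must decrypt to: 00 01 FF.. 00 DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token: str, n: int, e: int) -> bool:
    """Validate the signature segment of a compact JWT with RSA public key (n, e)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    k = (n.bit_length() + 7) // 8
    # Pin the algorithm: the token header must not be allowed to pick "none" or HS256.
    if not isinstance(header, dict) or header.get("alg") != "RS256" or len(sig) != k:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    # Compare the whole recovered block instead of parsing the padding.
    expected = emsa_pkcs1_v15(f"{header_b64}.{payload_b64}".encode(), k)
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def demo_token(claims: dict) -> str:
    """Stand-in for the issuer: sign constructed claims with the demo private key."""
    parts = ({"alg": "RS256", "typ": "JWT"}, claims)
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in parts)
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(signing_input.encode(), k), "big")
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent of the demo key
    return f"{signing_input}.{b64url_encode(pow(m, d, N).to_bytes(k, 'big'))}"
```

`verify_rs256(demo_token({"aud": "api://constructed-app"}), N, E)` returns `True`; changing any byte of the header or payload segment makes it return `False`.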
