
I have added the policy to validate the JWT token in APIM. Right now it validates and sends an error message, and it's all working fine. I am trying to send a different error message for different scenarios, e.g. if the token is not there or invalid I will return 401 with "invalid token" as the error message, or if the token is expired I want to send 401 with a "token is expired" message. For this I am using something like below. Is there any other way we can achieve this instead of having the same policy twice?

<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Invalid token or token not found." require-expiration-time="false" require-signed-tokens="true">
    <openid-config url="server.config" />
    <audiences>
        <audience>serveraud</audience>
    </audiences>
    <issuers>
        <issuer>serveriss</issuer>
    </issuers>
</validate-jwt>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Token Expired." require-expiration-time="true" require-signed-tokens="true">
    <openid-config url="server.config" />
    <audiences>
        <audience>serveraud</audience>
    </audiences>
    <issuers>
        <issuer>serveriss</issuer>
    </issuers>
</validate-jwt>

1 Answer


You can put a condition check on the "failed-validation-error-message" in the policy. You may leverage the "choose" condition:

https://www.codit.eu/blog/azure-api-management-conditional-policies/
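
A single validate-jwt with the message chosen in the on-error section, as an added example that is not part of the original question or answer. It relies on API Management setting context.LastError.Source to "validate-jwt" and context.LastError.Reason to "TokenExpired" for an expired token, and it reuses the question's placeholder values (server.config, serveraud, serveriss).

```xml
<policies>
    <inbound>
        <base />
        <!-- One validation pass; any failure transfers control to <on-error>. -->
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Invalid token or token not found." require-expiration-time="true" require-signed-tokens="true">
            <openid-config url="server.config" />
            <audiences>
                <audience>serveraud</audience>
            </audiences>
            <issuers>
                <issuer>serveriss</issuer>
            </issuers>
        </validate-jwt>
    </inbound>
    <!-- backend and outbound sections are unchanged and omitted here -->
    <on-error>
        <base />
        <choose>
            <!-- Expired token: the only case that gets its own message. -->
            <when condition="@(context.LastError.Source == &quot;validate-jwt&quot; &amp;&amp; context.LastError.Reason == &quot;TokenExpired&quot;)">
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-body>Token Expired.</set-body>
                </return-response>
            </when>
            <!-- Every other validate-jwt failure (missing token, bad signature, wrong
                 audience or issuer) shares one generic message, so the response does
                 not reveal which check failed. -->
            <when condition="@(context.LastError.Source == &quot;validate-jwt&quot;)">
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-body>Invalid token or token not found.</set-body>
                </return-response>
            </when>
        </choose>
    </on-error>
</policies>
```

Errors raised by other policies fall through the choose untouched, so their default handling is preserved.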
