
I want to implement security for my APIs in Azure APIM. I am looking for an implementation of a JWT validation policy for my APIs in APIM, so that my APIs are secure and tokens are validated. I cannot find any good article that explains how to configure JWT, given that I have my SSO done with OpenID and have a database of users.

Just to be more specific, I do not want the user to get the login prompt. Is there any other way to get the token for security purposes? My application also calls the API for registration pages, where we do not have a logged-in user. In this case, how can we validate the APIs at APIM before the request is passed to the backend?

Many Thanks!, Rajesh

Rajesh
  • The second part of your question about getting the token is a bit unclear. I think my answer helps your first part about jwt policies, but I would need more info to answer the second part. – Jonathon H. Jul 20 '21 at 12:39
  • Thanks for your reply. The only thing which I can see in JWT is that it will ask users to log in or a login prompt will be there. I do not want that. Besides this, is there any way to implement the security for APIs in APIM? – Rajesh Jul 28 '21 at 13:00

1 Answer


Here is a tutorial from Microsoft about configuring a validate-jwt policy. It uses AAD as its OpenID provider, but you can substitute your own if you want.

You can also look at JWT claims, see this tutorial.

Jonathon H.
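
A `validate-jwt` policy of the kind the answer points to, using a non-AAD OpenID provider and a required claim. This is an added example, not part of the original answer or of the Microsoft tutorial; the provider URL, issuer, audience and the `scope` claim value are placeholder assumptions to replace with your own provider's values.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the request at the gateway unless a signed, unexpired
             bearer token is present in the Authorization header. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-signed-tokens="true"
                      require-expiration-time="true"
                      clock-skew="60"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      output-token-variable-name="jwt">
            <!-- Placeholder: discovery document of your own OpenID provider.
                 APIM fetches the signing keys from the metadata it lists. -->
            <openid-config url="https://login.example.com/.well-known/openid-configuration" />
            <!-- Placeholder: the token must have been issued for this API. -->
            <audiences>
                <audience>api://example-api</audience>
            </audiences>
            <!-- Placeholder: the token must come from this issuer. -->
            <issuers>
                <issuer>https://login.example.com/</issuer>
            </issuers>
            <!-- Placeholder claim check: the space-separated scope claim
                 must contain the value below. -->
            <required-claims>
                <claim name="scope" match="any" separator=" ">
                    <value>registration.write</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Pinning both `audiences` and `issuers` matters: with only a signature check, any valid token from the same provider that was issued for a different API would be accepted.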