APIM Policy to store the public key and verify against it

Question

I need to store the issuer signing key in keyvault and then verify the JWT against it through apim policy . How to do that ?

<policies>
    <inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized">
            <issuer-signing-keys>
                <key>123412341234123412341234</key>
            </issuer-signing-keys>
        </validate-jwt>
    </inbound>
</policies>

Please paste code as text and not as an image: https://meta.stackoverflow.com/questions/285551/why-should-i-not-upload-images-of-code-data-errors — Markus Meyer, Nov 09 '22 at 14:50
its a just a normal example code which i copied from here : https://azure.github.io/apim-lab/apim-lab/7-security/apimanagement-7-1-JWT-Validation.html — technocraft, Nov 09 '22 at 15:46

Mo Haidar · Answer 1 · 2022-11-10T10:22:37.457

1

Use named values and configured it to get your secret from Key Vault and then use it in the policy

  <key>{{IssuerSigningKey}}</key>

edited Nov 10 '22 at 10:22

answered Nov 09 '22 at 16:36

Mo Haidar

3,748
6
37
76

APIM Policy to store the public key and verify against it

1 Answers1