I want to validate custom claims which are part of a JWT token. The token has custom user claims, application claims and other details.
For user claims, I want to have a custom policy/block like:
<validate-logintype> {validation logic in this block} </validate-logintype>
For application claims, a custom policy like:
<request-from> {validation logic} </request-from>
Include the above blocks in the actual API policy.
User API:
<policy>
<inbound>
<validate-logintype />
<base />
</inbound>
</policy>
Can someone please help with how this can be implemented?
Something like this?
<policies>
    <inbound>
        <base />
        <set-header id="apim-generated-policy" name="Ocp-Apim-Subscription-Key" exists-action="delete" />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
            <openid-config url="https://login.microsoftonline.com/<yourtenant>/.well-known/openid-configuration" />
            <audiences>
                <audience>{{claim1}}</audience>
            </audiences>
        </validate-jwt>
    </inbound>
</policies>
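Added example, not part of the original question or answer: one way to get the reusable per-claim blocks the question asks for is an API Management policy fragment pulled in with `include-fragment`, combined with `required-claims` inside `validate-jwt`. The fragment id `validate-logintype`, the claim names `logintype` and `request_from`, and their accepted values are assumptions for illustration; `{yourtenant}` is a placeholder.

```xml
<!-- Policy fragment, saved under the hypothetical id "validate-logintype".
     Assumes the calling policy already ran validate-jwt with
     output-token-variable-name="jwt", so the token is verified before this runs. -->
<fragment>
    <choose>
        <!-- "logintype" and the accepted value "employee" are assumed names/values -->
        <when condition="@(((Jwt)context.Variables[&quot;jwt&quot;]).Claims.GetValueOrDefault(&quot;logintype&quot;, &quot;&quot;) != &quot;employee&quot;)">
            <!-- Valid token, wrong user claim: reject with 403 rather than 401 -->
            <return-response>
                <set-status code="403" reason="Forbidden" />
            </return-response>
        </when>
    </choose>
</fragment>

<!-- API policy (the "User API" from the question) -->
<policies>
    <inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." output-token-variable-name="jwt">
            <!-- {yourtenant} is a placeholder for the tenant -->
            <openid-config url="https://login.microsoftonline.com/{yourtenant}/.well-known/openid-configuration" />
            <audiences>
                <audience>{{claim1}}</audience>
            </audiences>
            <!-- Application claim checked declaratively; the request fails
                 validation unless the claim holds one of the listed values -->
            <required-claims>
                <claim name="request_from" match="any">
                    <value>portal</value>
                    <value>mobile</value>
                </claim>
            </required-claims>
        </validate-jwt>
        <!-- User claim check, reusable across APIs -->
        <include-fragment fragment-id="validate-logintype" />
    </inbound>
    <backend><base /></backend>
    <outbound><base /></outbound>
    <on-error><base /></on-error>
</policies>
```

The fragment must come after `validate-jwt` in the inbound section, since it reads the `jwt` variable that only a successfully validated token populates.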