kevinhillinger · October 24, 2019 18:38
diff --git a/api-app-manifest.json b/api-app-manifest.json
 {
 	"id": "f54fd36e-57c8-4408-a870-3ef2b3b4b685",
 	"acceptMappedClaims": null,
 	"accessTokenAcceptedVersion": null,
 	"addIns": [],
 	"allowPublicClient": null,
 	"appId": "da66ee7b-d762-4e19-8d7c-66a9974baeab",
 	"appRoles": [
 		{
 			"allowedMemberTypes": [
 				"Application"
 			],
 			"description": "Application permission to do something",
 			"displayName": "API Permission",
 			"id": "3ea51f40-2ad7-4e79-aa18-12c45156dc6a",
 			"isEnabled": true,
 			"lang": null,
 			"origin": "Application",
 			"value": "contributor"
 		}
 	],
 	"oauth2AllowUrlPathMatching": false,
 	"createdDateTime": "2019-10-24T15:18:13Z",
 	"groupMembershipClaims": null,
 	"identifierUris": [
 		"api://da66ee7b-d762-4e19-8d7c-66a9974baeab"
 	],
 	"informationalUrls": {
 		"termsOfService": null,
 		"support": null,
 		"privacy": null,
 		"marketing": null
 	},
 	"keyCredentials": [],
 	"knownClientApplications": [],
 	"logoUrl": null,
 	"logoutUrl": null,
 	"name": "Secured API",
 	"oauth2AllowIdTokenImplicitFlow": false,
 	"oauth2AllowImplicitFlow": false,
 	"oauth2Permissions": [],
 	"oauth2RequirePostResponse": false,
 	"optionalClaims": null,
 	"orgRestrictions": [],
 	"parentalControlSettings": {
 		"countriesBlockedForMinors": [],
 		"legalAgeGroupRule": "Allow"
 	},
 	"passwordCredentials": [],
 	"preAuthorizedApplications": [],
 	"publisherDomain": "microsoft.onmicrosoft.com",
 	"replyUrlsWithType": [],
 	"requiredResourceAccess": [
 		{
 			"resourceAppId": "00000003-0000-0000-c000-000000000000",
 			"resourceAccess": [
 				{
 					"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
 					"type": "Scope"
 				}
 			]
 		}
 	],
 	"samlMetadataUrl": null,
 	"signInUrl": null,
 	"signInAudience": "AzureADMyOrg",
 	"tags": [],
 	"tokenEncryptionKeyId": null
 }
diff --git a/apim_policy.xml b/apim_policy.xml
 <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <openid-config url="https://login.microsoftonline.com/contoso.onmicrosoft.com/.well-known/openid-configuration" />
    <audiences>
        <audience>api://f54fd36e-57c8-4408-a870-3ef2b3b4b685</audience>
    </audiences>
    <required-claims>
        <claim name="roles" match="all">
            <value>contributor</value>
        </claim>
    </required-claims>
 </validate-jwt>
	{
	"id": "f54fd36e-57c8-4408-a870-3ef2b3b4b685",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": null,
	"addIns": [],
	"allowPublicClient": null,
	"appId": "da66ee7b-d762-4e19-8d7c-66a9974baeab",
	"appRoles": [
	{
	"allowedMemberTypes": [
	"Application"
	],
	"description": "Application permission to do something",
	"displayName": "API Permission",
	"id": "3ea51f40-2ad7-4e79-aa18-12c45156dc6a",
	"isEnabled": true,
	"lang": null,
	"origin": "Application",
	"value": "contributor"
	}
	],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2019-10-24T15:18:13Z",
	"groupMembershipClaims": null,
	"identifierUris": [
	"api://da66ee7b-d762-4e19-8d7c-66a9974baeab"
	],
	"informationalUrls": {
	"termsOfService": null,
	"support": null,
	"privacy": null,
	"marketing": null
	},
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "Secured API",
	"oauth2AllowIdTokenImplicitFlow": false,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [],
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
	"countriesBlockedForMinors": [],
	"legalAgeGroupRule": "Allow"
	},
	"passwordCredentials": [],
	"preAuthorizedApplications": [],
	"publisherDomain": "microsoft.onmicrosoft.com",
	"replyUrlsWithType": [],
	"requiredResourceAccess": [
	{
	"resourceAppId": "00000003-0000-0000-c000-000000000000",
	"resourceAccess": [
	{
	"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
	"type": "Scope"
	}
	]
	}
	],
	"samlMetadataUrl": null,
	"signInUrl": null,
	"signInAudience": "AzureADMyOrg",
	"tags": [],
	"tokenEncryptionKeyId": null
	}
	<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
	<openid-config url="https://login.microsoftonline.com/contoso.onmicrosoft.com/.well-known/openid-configuration" />
	<audiences>
	<audience>api://f54fd36e-57c8-4408-a870-3ef2b3b4b685</audience>
	</audiences>
	<required-claims>
	<claim name="roles" match="all">
	<value>contributor</value>
	</claim>
	</required-claims>
	</validate-jwt>