@lurumad
Last active September 25, 2018 12:13
Protecting APIM with OpenID Connect

Add OpenID Connect server

https://idsrv/.well-known/openid-configuration

Client credentials:

  • implicit
  • https://{service}.portal.azure-api.net/docs/services/idsvr/console/openidconnect/authorizationcode/callback
  • https://{service}.portal.azure-api.net/docs/services/idsvr/console/openidconnect/implicit/callback

Configure API in Azure Portal

Enable OpenID Connect

Explain how to configure Identity Server 4

Add new policy to validate JWT token

<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <openid-config url="{{OpenIdConfigUrl}}" />
</validate-jwt>
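
A stricter variant of the policy above, added here as an example and not part of the original gist: with only `openid-config`, any token signed by the identity server passes, including tokens issued for other APIs, so this version also pins the audience and a required scope. The audience `api1`, the scope `api1.read` and the 60-second clock skew are assumed placeholder values.

```xml
<!-- Added example: audience, scope and clock-skew values are assumptions, not from the gist -->
<validate-jwt header-name="Authorization"
              failed-validation-httpcode="401"
              failed-validation-error-message="Unauthorized. Access token is missing or invalid."
              require-scheme="Bearer"
              require-expiration-time="true"
              require-signed-tokens="true"
              clock-skew="60">
    <!-- Signing keys and issuer are read from the discovery document -->
    <openid-config url="{{OpenIdConfigUrl}}" />
    <!-- Reject tokens that were issued for a different API (assumed resource name) -->
    <audiences>
        <audience>api1</audience>
    </audiences>
    <!-- Require the scope this API expects (assumed scope name) -->
    <required-claims>
        <claim name="scope" match="any">
            <value>api1.read</value>
        </claim>
    </required-claims>
</validate-jwt>
```

If the token server emits `scope` as a single space-delimited string rather than an array, add `separator=" "` to the `claim` element.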