![]() Update the element with the token issuer endpoint you recorded earlier. Update the element with the application ID of the application you created previously in your B2C tenant (for example, webapp1).Ĭ. Update the url value in the element with your policy's well-known configuration URL.ī. Place the following tag inside the policy, and then do the following:Ī. Under Inbound processing, select to open the policy code editor. Select the API that you want to secure with Azure AD B2C. In the Azure portal, go to your Azure API Management instance. By adding a JSON web token (JWT) validation policy that verifies the audience and issuer in an access token, you can ensure that only API calls with a valid token are accepted. You're now ready to add the inbound policy in Azure API Management that validates API calls. For example: Configure the inbound policy in Azure API Management You should now have two URLs recorded for use in the next section: the OpenID Connect well-known configuration endpoint URL and the issuer URI. You'll use this value in the next section, when you configure your API in Azure API Management. On the page that opens in your browser, record the issuer value. Select the hyperlink to go to the OpenID Connect well-known configuration page. This URL is the OpenID Connect well-known discovery endpoint for the user flow, and you'll use it in the next section when you configure the inbound policy in Azure API Management. Record the URL in the hyperlink that's displayed under the Run user flow heading near the top of the page. Select an existing policy (for example, B2C_1_signupsignin1), and then select Run user flow. In the Azure portal, go to your Azure AD B2C tenant. ![]() You also need the token issuer endpoint URI that you want to support in Azure API Management. Next, get the well-known config URL for one of your Azure AD B2C user flows.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |