Overview of OAuth2JWT Authentication Policy
Description
-
This policy authenticates API requests coming from the client using API Management OAuth2 access token as well as third-party JWT on the same service endpoint.
-
Policy supports embedded API Key (client_id) passed in JWT payload claim through API request to perform authentication.
-
Policy enforces existence and validity of a JWT specified in HTTP Authorization header.
-
Policy supports injecting claims value in request to enrich HTTP headers which are specified in pre-input configuration.
-
Policy provides configurable capability to block/forward HTTP Authorization header to backend/origin server.
-
Natively supports chaining of API Management customer processors and Policies.
-
Supports JSONPath expression to locate claim value for non-standard JWT claims.
-
Support match policy to allow additional validation based on JWT claims value.
-
Supports pre-processing of API request.