Overview of OAuth2JWT Authentication Connector

Release Notes

API Management Release Date	Release Type	Release Description
May 11, 2020	New Feature	Support match policy to allow additional validation based on JWT claims value.

Description

• This connector authenticates API requests coming from the client using API Management OAuth2 access token as well as third-party JWT on the same service endpoint.

• Connector supports embedded API Key (client_id) passed in JWT payload claim through API request to perform authentication.

• Connector enforces existence and validity of a JWT specified in HTTP Authorization header.

• Connector supports injecting claims value in request to enrich HTTP headers which are specified in pre-input configuration.

• Connector provides configurable capability to block/forward HTTP Authorization header to backend/origin server.

• Natively supports chaining of API Management customer processors and Connectors.

• Supports JSONPath expression to locate claim value for non-standard JWT claims.

• Support match policy to allow additional validation based on JWT claims value.

• Supports pre-processing of API request.

Related Links

• Usage

• Design and Implementation

• Configuring Endpoint Call Processing

• Local Edition Porting and Chaining