Skip to main content
Feedback

Overview of OAuth2JWT Authentication Policy

Description

  • This policy authenticates API requests coming from the client using API Management OAuth2 access token as well as third-party JWT on the same service endpoint.

  • Policy supports embedded API Key (client_id) passed in JWT payload claim through API request to perform authentication.

  • Policy enforces existence and validity of a JWT specified in HTTP Authorization header.

  • Policy supports injecting claims value in request to enrich HTTP headers which are specified in pre-input configuration.

  • Policy provides configurable capability to block/forward HTTP Authorization header to backend/origin server.

  • Natively supports chaining of API Management customer processors and Policies.

  • Supports JSONPath expression to locate claim value for non-standard JWT claims.

  • Support match policy to allow additional validation based on JWT claims value.

  • Supports pre-processing of API request.

On this Page