生成访问令牌并通过 Azure API 管理针对 IdentityServer4 进行验证 [英] Generate Access Token and validate against IdentityServer4 through Azure API Management

问题描述

我有一个外部端点，它将访问 Azure API 网关，并将其路由到受 IdentityServer4 授权保护的后端 API.

I have an external endpoint which is going to hit the Azure API gateway and that would route it to the backend API which is protected by IdentityServer4 authorization.

如果我使用来自 IdentityServer 的交互式 UI 通过 Postman 客户端点击访问令牌，我将获得访问令牌.

I am getting the access token if I hit it through the Postman client with the interactive UI from IdentityServer.

有没有办法从 Azure API 管理中获取所需的访问令牌，以针对 IdentityServer4 进行验证并将其附加到后端 API 请求的标头中?

Is there a way I can get the access token required from the Azure API Management to validate against the IdentityServer4 and append it to the header in the request to the backend API?

推荐答案

是的，可以通过自定义策略来实现.您可以要求您的外部 API 客户端/消费者在 heaser 中输入凭据，然后在入站内编写策略以读取这些用户凭据并执行 API 请求(类似于您的邮递员)并获取访问令牌.然后，您可以附加相同的令牌，让您的请求转发到后端 API.

Yes it is possible to achieve it through custom policy. You can ask your external API-Client/Consumer to paas in credentials in heaser, and then you write a policy inside inbound to can read those user credentials and do a API request (similar to your postman) and get the access token. You can then append the same token and let your request gets forwarded to backend API.

根据您的问题陈述，这应该可行.如果没有，您可能需要用更多描述/步骤来解释您的场景.

As per your problem statement, this should work. In case not, you might have to explain your scenario with more description/steps.

这里有一些参考资料供您参考，希望对您有所帮助.

Here are some of the reference materials for you, I hope it helps.

https://docs.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#SendRequest

https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-send-request

这篇关于生成访问令牌并通过 Azure API 管理针对 IdentityServer4 进行验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！