Validate JWT + Token expiration
Problem description
We are using Azure APIM with an on-premise web API backend that is consumed by a mobile application. The web API gives a JWT token after login, and on subsequent calls the token validation is done using ValidateJWT in the inbound policy in APIM before sending to the backend web API, as below:
<validate-jwt
header-name="Authorization"
failed-validation-httpcode="401"
failed-validation-error-message="You are not authorized to use this API"
require-expiration-time="false"
require-signed-tokens="false">
Recommended answer
In this case, extract claims during validation into variables using policies and pass them in HTTP headers before the request is forwarded to the backend API.
Also, remember to set the "Ocp-Apim-Trace" header parameter to "true" in order to get the trace during the API call.
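An inbound policy along the lines the answer describes, as an added example that is not part of the original question or answer: validate-jwt stores the parsed token in a variable and set-header forwards selected claims to the backend. The named value `jwt-signing-key`, the header names `X-User-Id` and `X-Token-Expires`, and the `sub` claim are assumptions; unlike the policy in the question, this one requires a signature and an `exp` claim so that expired or unsigned tokens are rejected with the 401.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject unsigned or non-expiring tokens and keep the parsed token in a variable. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="You are not authorized to use this API"
                      require-expiration-time="true"
                      require-signed-tokens="true"
                      clock-skew="60"
                      output-token-variable-name="jwt">
            <issuer-signing-keys>
                <!-- Assumption: named value holding the Base64-encoded key the backend signs with. -->
                <key>{{jwt-signing-key}}</key>
            </issuer-signing-keys>
        </validate-jwt>
        <!-- Override any client-supplied copies so the backend only sees validated values. -->
        <set-header name="X-User-Id" exists-action="override">
            <value>@(((Jwt)context.Variables["jwt"]).Claims.GetValueOrDefault("sub", ""))</value>
        </set-header>
        <set-header name="X-Token-Expires" exists-action="override">
            <value>@(((Jwt)context.Variables["jwt"]).ExpirationTime?.ToString("o") ?? "")</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

With `exists-action="override"`, a caller cannot spoof these headers, since whatever value arrives from the client is replaced after validation.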