生成访问令牌并通过Azure API管理针对IdentityServer4进行验证 [英] Generate Access Token and validate against IdentityServer4 through Azure API Management

问题描述

我有一个外部端点，该端点将访问Azure API网关，并将其路由到受IdentityServer4授权保护的后端API。

I have an external endpoint which is going to hit the Azure API gateway and that would route it to the backend API which is protected by IdentityServer4 authorization.

如果我通过Postman客户端使用IdentityServer的交互式UI通过访问令牌访问访问令牌，那么我将获得访问令牌。

I am getting the access token if I hit it through the Postman client with the interactive UI from IdentityServer.

是否可以从Azure API管理中获取所需的访问令牌，以针对IdentityServer4进行验证并将其附加到后端API请求的标头中？

Is there a way I can get the access token required from the Azure API Management to validate against the IdentityServer4 and append it to the header in the request to the backend API?

推荐答案

是的，可以通过自定义策略来实现。您可以要求外部API客户端/消费者在heaser中暂停凭据，然后在入站内部编写一个策略以读取这些用户凭据并发出API请求（类似于邮递员）并获取访问令牌。然后，您可以附加相同的令牌，并让您的请求转发到后端API。

Yes it is possible to achieve it through custom policy. You can ask your external API-Client/Consumer to paas in credentials in heaser, and then you write a policy inside inbound to can read those user credentials and do a API request (similar to your postman) and get the access token. You can then append the same token and let your request gets forwarded to backend API.

根据您的问题陈述，这应该可以工作。否则，您可能需要用更多描述/步骤来解释您的情况。

As per your problem statement, this should work. In case not, you might have to explain your scenario with more description/steps.

以下是一些参考资料，希望对您有所帮助。

Here are some of the reference materials for you, I hope it helps.

https://docs.microsoft.com/zh-cn/azure/api-management/api-management-advanced-policies#SendRequest

https：// docs。 microsoft.com/en-us/azure/api-management/api-management-sample-send-request

这篇关于生成访问令牌并通过Azure API管理针对IdentityServer4进行验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！