JWT validation failure error in azure apim


Problem description

I am currently trying to implement OAuth 2.0 to protect an API using the documentation below

https://docs.microsoft.com/zh-CN/azure/api-management/api-management-howto-protect-backend-with-aad

And I am currently using the DEMO CONFERENCE API provided by Azure APIM to test the implementation.

And I am currently receiving an error during testing in the developer portal:

"message": "JWT Validation Failed: Claim value mismatch: aud=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx.."

Compared the token passed with the claim value by decoding it, and it's matching.

I have the JWT token validation policy as below

<inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="false" require-signed-tokens="false">
            <openid-config url="https://login.microsoftonline.com/xxxxxxxxx-07c8-xxxxx-xxxx-xxxxxxxxx/.well-known/openid-configuration" />
            <required-claims>
                <claim name="aud" match="all" separator="-">
                    <value>xxxxxxxx-xxxxx-489e-a26e-xxxxxxxx</value>
                </claim>
            </required-claims>
        </validate-jwt>
</inbound>

Recommended answer

First, you need to validate your JWT token. Then, when we register an application, it gets registered with version V1 and the access token issuer comes with the sts URL; if we try to pass an access token with V2, it fails. The V2 issuer is login.microsoft.com.

So the fix is to go into the manifest file and set "accessTokenAcceptedVersion": 2 for registered applications in AD. Refer to this issue.
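As an added example (not part of the original question or answer): a small Python diagnostic that decodes an access token's claims and compares `aud`, `ver` and `iss` with what a validate-jwt policy like the one above expects. The function names, tenant and client IDs, and both tokens are constructed placeholders; it assumes Azure AD v1 tokens carry the sts.windows.net issuer and v2 tokens the /v2.0 issuer.

```python
import base64
import json

def _decode(segment):
    """Base64url-decode one JWT segment into a dict (no signature check)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def diagnose(token, required_aud, openid_config_url):
    """List likely reasons an APIM validate-jwt policy rejects this token.

    Diagnostic only: the signature is NOT verified, so never use this to authorize.
    """
    parts = token.removeprefix("Bearer ").strip().split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    claims = _decode(parts[1])
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    ver = claims.get("ver")
    findings = []
    if required_aud not in auds:
        findings.append(f"aud mismatch: token={auds} policy={required_aud}")
    # v2.0 metadata lives under .../v2.0/.well-known/openid-configuration
    config_ver = "2.0" if "/v2.0/" in openid_config_url else "1.0"
    if ver != config_ver:
        findings.append(f"version mismatch: token ver={ver} iss={claims.get('iss')} "
                        f"but openid-config is v{config_ver}")
    return findings

def _sample(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

TENANT = "00000000-0000-0000-0000-000000000000"      # placeholder tenant id
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # placeholder app (client) id
V1_CONFIG = f"https://login.microsoftonline.com/{TENANT}/.well-known/openid-configuration"

# Constructed v1 token: sts issuer, audience is the App ID URI rather than the GUID.
V1_TOKEN = _sample({"ver": "1.0", "iss": f"https://sts.windows.net/{TENANT}/",
                    "aud": f"api://{CLIENT_ID}"})
# Constructed v2 token: v2.0 issuer, audience is the client id GUID.
V2_TOKEN = _sample({"ver": "2.0", "aud": CLIENT_ID,
                    "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0"})

if __name__ == "__main__":
    for name, tok in (("v1", V1_TOKEN), ("v2", V2_TOKEN)):
        print(name, diagnose("Bearer " + tok, CLIENT_ID, V1_CONFIG))
```

Run it against the token copied from the developer portal's Authorization header, with the `<value>` and `openid-config` URL from the policy, to see which of the two checks fails before changing the app manifest.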
