Validating JSON web tokens in Azure API Management
The validate-jwt policy in Azure API Management provides the capability to enforce a valid JWT in an incoming HTTP request. One of these validation rules is whether the received token contains certain role claims. This authorization functionality is very useful when allowing/denying certain functionality to users of the application based on their role membership.
An example of such a policy is shown here:
Managing the role assignments of a service principal on Azure Active Directory applications is rather tedious. One has to look up the role assignments of an Azure Active Directory application to find out whether the service principal has the correct access. Moreover, in certain scenarios, one has to wait a couple of seconds before a role assignment is available for use. All this adds to the problem of managing a service principal for validating JWTs in Azure API Management. In a single Arcus Scripting release, we have fully fixed this problem.
List, add and remove role assignments for a service principal
In a new Arcus.Scripting.ActiveDirectory PowerShell module, we have created three functions that let you list, add and remove role assignments to a service principal in Azure Active Directory.
These scripts will make sure that we can easily manage a role on the ‘main’ Azure application registration and assign it to another service principal. For more information on the Arcus.Scripting.ActiveDirectory PowerShell module, see our dedicated documentation.
Conclusion
The Arcus Scripting library is a diverse Arcus project. Rather than providing gigantic changes to specific topics, it offers smaller, practical solutions to sometimes tedious and/or repetitive problems that occur in client projects. This newest Arcus update is a great example of how we fixed the problem, so that developers can manage their Azure API Management authorization with minimal effort.
Have a look at our release notes and official documentation for more information on this new release.
If you have any questions, remarks, comments, or just want to discuss something with us: feel free to contact the Arcus team at Codit.
Thanks for reading!
The Arcus team