Tags: azure, azure-active-directory, jwt, azure-api-management, api-security

Azure APIM, API security implementation, JWT


I want to implement security for my APIs in Azure APIM. I am looking for an implementation of the JWT validation policy for my APIs in APIM, so that my APIs are secure and tokens are validated. I cannot find any good article that explains to me how to configure JWT, given that I have my SSO done with OpenID and have a database of users.

Just to be more specific, I do not want the user to get the login prompt. Is there any other way to get the token for security purposes? My application also calls the API for registration pages, where we do not have a logged-in user. In this case, how can we validate the APIs at APIM before the call is passed to the backend?

Many thanks, Rajesh


Solution

  • Here is a tutorial from Microsoft about configuring a validate-jwt policy. It uses AAD as its OpenID provider, but you can substitute your own if you want.

    You can also look at JWT claims; see this tutorial.
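As an added example (not part of the answer above and not code from Microsoft's tutorial), here is the inbound section of an APIM policy that applies validate-jwt against an OpenID provider's discovery document. The provider URL, audience, issuer and scope values are placeholders or constructed; substitute the values your own SSO issues.

```xml
<policies>
  <inbound>
    <base />
    <!-- Reject the request at the gateway with 401 if the bearer token is missing,
         unsigned, expired, or fails the checks below; the backend is never reached -->
    <validate-jwt header-name="Authorization"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized. Access token is missing or invalid."
                  require-scheme="Bearer"
                  require-expiration-time="true"
                  require-signed-tokens="true">
      <!-- Placeholder: your OpenID provider's discovery document; APIM pulls the
           signing keys (JWKS) from it, so no key material is pasted into the policy -->
      <openid-config url="https://YOUR-IDENTITY-PROVIDER/.well-known/openid-configuration" />
      <!-- Constructed value: only tokens minted for this API are accepted -->
      <audiences>
        <audience>api://my-apim-backend</audience>
      </audiences>
      <!-- Constructed value: pin the issuer so tokens from another tenant or provider are rejected -->
      <issuers>
        <issuer>https://YOUR-IDENTITY-PROVIDER/</issuer>
      </issuers>
      <!-- Constructed claim: require at least one expected scope instead of accepting any valid token;
           separator=" " splits a space-delimited scp claim into individual values -->
      <required-claims>
        <claim name="scp" match="any" separator=" ">
          <value>api.read</value>
          <value>api.write</value>
        </claim>
      </required-claims>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

The policy only validates a token the caller already presents; it does not obtain one, so every caller, including pages without a logged-in user, must still acquire a token from the provider before the request will pass.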