Home > Blockchain >  validate-jwt policy in Azure APIM - troubleshoot
validate-jwt policy in Azure APIM - troubleshoot

Time:10-20

I have a validate-jwt instruction in my APIM API policy (<inbound> section).

I am sending a hopefully correct token in a header and the request still fails.

What would be the way to find out from the APIM which specific JWT token validation check has failed?

CodePudding user response:

Have you checked that the JWT is in fact valid? To do this you can paste the whole token value to https://jwt.ms in order to decode the token to see if you are missing any information.

If the token is valid, I would suggest setting up Application Insights for APIM if you haven't done that already and see if you can get any more relevant information from the logs there.

CodePudding user response:

I have figured out how to do the logging.

  1. Enable Application Insights for APIM, set 100% sampling for your desired API and enable necessary flags (see Application Insights for APIM.
  2. In the designated Application Insights instance, the JWT token issues are found if you query
exceptions
| where type =="TokenInvalidIssuer"

so you get something like


IDX10205: Issuer validation failed. Issuer: 'https://sts.windows.net/(abriged UUID)/'. Did not match: validationParameters.ValidIssuer: '' or validationParameters.ValidIssuers: 'https://login.microsoftonline.com/{tenantid}/v2.0'.
outerMethod
validate-jwt

Also, from App Insights' Application map one can click through to failed requests and drill down to exceptions arriving at similar log outputs.

Page link:https//www.codepudding.com/Blockchain/582560.html

Prev:Azure AD is not returning token : Unknown Host Error
Next:Difference between an application role and scope in Azure AD app registrations
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding