Adding support for HTTP Signature to token request URL (AD)

Claudio Resende 221 Reputation points
2021-04-20T06:56:06.423+00:00

I have AKS services being accessed through API Management, and I am securing them with OAuth2.
To get the token through the client credentials flow, the user calls https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
I would like to enforce HTTP Signature on this URL as documented here: https://tools.ietf.org/html/draft-cavage-http-signatures-10.

Would it be possible to enforce this on the token request in Azure?


1 answer

  1. Siva-kumar-selvaraj 15,536 Reputation points
    2021-04-23T16:36:21.573+00:00

    Hello @Claudio Resende ,

    Thanks for reaching out.

    Tokens issued by Azure AD are signed using industry-standard asymmetric encryption algorithms, such as RS256, therefore Signing HTTP Messages

    For an Azure AD token, the signature segment can be used to validate the authenticity of the token so that it can be trusted by your app. More information: https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature.

    Hope this helps.

    --------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

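Added example, not part of the question or the answer above: how a draft-cavage HTTP Signature over the token request from the question would be built on the client and checked on the gateway with a shared HMAC key. The key id, the secret and the request headers are constructed for the demo; the path is the token endpoint from the question with a placeholder tenant.

```python
import base64
import hashlib
import hmac
import re

# Constructed demo values (not real credentials): key id -> shared secret known to the
# client and to the verifying gateway. Signing these three components binds the signature
# to the method, path, host and time of the request.
KEYS = {"apim-client-1": b"constructed-demo-secret"}
REQUIRED = ("(request-target)", "host", "date")

def signing_string(method, path, headers, names):
    """draft-cavage signing string: one 'name: value' line per entry in the Signature
    'headers' list; '(request-target)' is the lowercased method plus the request path."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    lines = []
    for name in names:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name.lower()}: {lower[name.lower()]}")
    return "\n".join(lines)

def sign_request(key_id, method, path, headers, names=REQUIRED):
    """Client side: return the value of the Signature header (hmac-sha256)."""
    mac = hmac.new(KEYS[key_id], signing_string(method, path, headers, names).encode(),
                   hashlib.sha256).digest()
    return (f'keyId="{key_id}",algorithm="hmac-sha256",'
            f'headers="{" ".join(names)}",signature="{base64.b64encode(mac).decode()}"')

def verify_request(method, path, headers):
    """Gateway side: True only if the Signature header is well-formed, names a known key,
    covers every required component, and its MAC matches the one recomputed here."""
    sig_header = next((v for k, v in headers.items() if k.lower() == "signature"), None)
    if sig_header is None:
        return False
    params = dict(re.findall(r'(\w+)="([^"]*)"', sig_header))
    key = KEYS.get(params.get("keyId"))
    if key is None or params.get("algorithm") != "hmac-sha256":
        return False
    names = params.get("headers", "").split()
    if any(r not in names for r in REQUIRED):
        return False  # an unsigned Host or Date would let a captured request be reused
    try:
        expected = hmac.new(key, signing_string(method, path, headers, names).encode(),
                            hashlib.sha256).digest()
        given = base64.b64decode(params.get("signature", ""), validate=True)
    except (KeyError, ValueError):
        return False  # header named in the signature is absent, or signature is not base64
    return hmac.compare_digest(expected, given)

# Constructed token request to the endpoint named in the question.
TOKEN_PATH = "/{tenant}/oauth2/v2.0/token"
REQ_HEADERS = {"Host": "login.microsoftonline.com", "Date": "Tue, 20 Apr 2021 06:56:06 GMT"}

def demo():
    signed = dict(REQ_HEADERS, Signature=sign_request("apim-client-1", "POST", TOKEN_PATH, REQ_HEADERS))
    return verify_request("POST", TOKEN_PATH, signed), verify_request("POST", "/other", signed)
```

A production check would also reject a Date outside a short clock-skew window, which is what makes the signed Date header useful against replay.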