question

Fede-5003 avatar image
0 Votes"
Fede-5003 asked Fede-5003 commented

API Management - Security

I just created an API and in the configuration, I set the authorization to Oauth 2.0. That has no effect on the actual API protection, so I had to then add a JWT policy to my API and it seems to be working OK.

I do not quite understand the role of the OAuth authorization flag in the API configuration, it seems not to have any effect. Does anyone know when and why it is needed ?

azure-api-management
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

PramodValavala-MSFT avatar image
0 Votes"
PramodValavala-MSFT answered Fede-5003 commented

@Fede-5003 The OAuth Configuration in the portal is all for the developer portal experience. The actual step that protects the API by validating the JWT Token is the validate-jwt policy which needs to be included in your policies.


· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.