ClaudioResende-8132 asked sikumars-msft commented

Adding support to HTTP signature to token request URL (AD)

I have AKS services being accessed through API Management, and I am securing them with OAuth2.
For getting the token through the client credential flow, the user calls https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
I would like to enforce this URL with HTTP Signature as documented here https://tools.ietf.org/html/draft-cavage-http-signatures-10.

Would it be possible to enforce the token request in Azure?

azure-active-directory, azure-api-management, azure-application-gateway

Hello @ClaudioResende-8132 ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,


1 Answer

sikumars-msft answered

Hello @ClaudioResende-8132 ,

Thanks for reaching out.

Tokens issued by Azure AD are signed using industry standard asymmetric encryption algorithms, such as RS256, therefore Signing HTTP Messages

Azure AD token, the signature segment can be used to validate the authenticity of the token so that it can be trusted by your app. More information: https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature.

Hope this helps.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
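
Added example, not part of the answer above and not Microsoft code: how a signature under the draft-cavage-http-signatures-10 scheme linked in the question is built and checked for a client-credentials token request, using the draft's `hmac-sha256` algorithm. The gateway host, tenant, client id, shared secret and the verifier's required-header policy are constructed assumptions, and the example says nothing about whether the Azure AD endpoint accepts such a header.

```python
import base64, hashlib, hmac, re
from email.utils import parsedate_to_datetime
REQUIRED = {"(request-target)", "host", "date", "digest"}  # verifier policy (assumption)

def body_digest(body):
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method, path, headers, covered):
    # One "name: value" line per covered header, in the order given by headers="..."
    target = f"{method.lower()} {path}"
    return "\n".join(f"{n}: {target if n == '(request-target)' else headers[n].strip()}" for n in covered)

def _mac(key, method, path, headers, covered):
    return hmac.new(key, signing_string(method, path, headers, covered).encode(), hashlib.sha256).digest()

def sign(key, key_id, method, path, headers, covered):
    sig = base64.b64encode(_mac(key, method, path, headers, covered)).decode()
    return (f'keyId="{key_id}",algorithm="hmac-sha256",'
            f'headers="{" ".join(covered)}",signature="{sig}"')

def verify(keys, method, path, headers, body, now, max_skew=300):
    # headers: dict with lower-case names; now: current time as a POSIX timestamp
    p = dict(re.findall(r'(\w+)="([^"]*)"', headers.get("signature", "")))
    covered, key = p.get("headers", "").split(), keys.get(p.get("keyId"))
    if key is None or p.get("algorithm") != "hmac-sha256":
        return False
    if not REQUIRED.issubset(covered) or any(h not in headers for h in covered if h != "(request-target)"):
        return False  # signature must cover target, host, date and body digest
    try:
        sent = parsedate_to_datetime(headers["date"]).timestamp()
        got = base64.b64decode(p.get("signature", ""), validate=True)
    except (TypeError, ValueError):
        return False
    if abs(now - sent) > max_skew:  # stale or future-dated request: possible replay
        return False
    if not hmac.compare_digest(headers["digest"].encode(), body_digest(body).encode()):
        return False  # body does not match the signed Digest header
    return hmac.compare_digest(_mac(key, method, path, headers, covered), got)

# Constructed sample request (tenant, host, client id and secret are made up)
KEYS = {"client-1": b"constructed-shared-secret"}
PATH = "/example-tenant/oauth2/v2.0/token"
BODY = b"grant_type=client_credentials&client_id=client-1&scope=api%3A%2F%2Fexample%2F.default"
HDRS = {"host": "gateway.example.test", "date": "Tue, 07 Jun 2022 20:51:35 GMT", "digest": body_digest(BODY)}
HDRS["signature"] = sign(KEYS["client-1"], "client-1", "POST", PATH, HDRS, ["(request-target)", "host", "date", "digest"])
NOW = parsedate_to_datetime(HDRS["date"]).timestamp() + 30
```

The request signature binds the method, path, host, date and body to the caller's key, whereas the RS256 signature mentioned in the answer covers the issued token.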
