I have recently started working on a big project where I have a set of external APIs already running, say on example.com/api/, JWT and Symfony based. Now I'm planning to create another setup of APIs which would work under Azure APIM. I have some questions and some confusion about what to choose and what the best option would be for the requirements listed below. I have gone through a lot of documentation but was unable to find relevant answers.
1- Can I get a listing of all options for the authentication flow under Azure AD or APIM: sign-in, sign-out or auto sign-out/expiry/sign-up URLs and policy?
2- Custom authentication: is it possible to pass my example.com/api through APIM and also validate the JWT token from my side using the inbound policy inside APIM?
4- What other possible options for further authentication under Azure are available for RESTful and serverless services?
What do I want to achieve?
1- Either have all APIs under the APIM gateway using OAuth client credentials - already tested and it worked fine.
2- I want to use my own authentication and authorization system for some business reason besides point 1, but want to validate the token from APIM.
3- How can I use any external API or Azure-hosted custom API to go through APIM and allow me control over customization of the security layer?
4- The best way to connect my mobile and desktop/web apps to get authorized from APIM, providing high security for users without consent, and make it work with both internal APIs or external self-hosted or even App Service based APIs?