Dmytro
Reputation: 355
Azure APIM policies: allow multiple header names for sending JWT, or 'OR' condition in policies
I need to configure APIM to support JWT provided in any of predefined headers. To do that I need to combine two policies by 'OR' condition but I can't find a documentation on corresponding syntax.
I have two types of client applications. Some of them send JWT in 'Authorization' token as recommended in Azure documentation:
Authorization: Bearer eyJhbGciOi....
while other apps use custom header name:
custom_token: eyJhbGciOi....
I need to support both. However I can't specify policies one-by-one as 'AND' condition is used in case like below:
<validate-jwt header name="Authorization" ... </validate-jwt>
<validate-jwt header name="custom_token" ... </validate-jwt>
How do I implement 'OR' condition between policies? Thanks!
Upvotes: 0
Views: 727
Answers (1)
Dmytro
Reputation: 355
Ok, I've found a solution. That was easier than I was afraid of:
<choose>
<when condition="@(!context.Request.Headers.GetValueOrDefault("Authorization", "").Equals(""))">
<validate-jwt header-name="Authorization" ..... </validate-jwt>
</when>
<otherwise>
<validate-jwt header-name="custom_token" ..... </validate-jwt>
</otherwise>
</choose>
Upvotes: 1
Related Questions
- Validate JWT in Azure APIM policy
- Azure APIM Validate JWT based on two different claims
- Azure APIM Policy Editor
- custom header conditions APIM policy
- In API Management Policy, check if a header value is within a list/array
- Multiple Authentication policies in Azure APIM
- Pass only 1 header instead of Authorization and Ocp-Apim-Subscription-Key in Azure API Management
- Azure API Management : validate jwt token scope
- JWT token for both API and azure vault key for OAUTH policy
- Using azure API management restrict the api call based on the JWT token claim