user2341176

Reputation: 191

Azure Managed Identity token version for APIM

I have an Azure API Management component that will fetch an OAuth token and add it as a custom header when the request is forwarded to the back-end services.

For this I'm using the authentication-managed-identity policy and a system assigned managed identity. I've noticed this will create a V1 token instead of a V2 token. This is a bit annoying as I'm trying to use V2 everywhere and the claims can differ between V1 and V2. I.e. azp is appid in V1.

Is there a way to force this to get a V2 token with the system assigned managed identity?

Upvotes: 0

Views: 442

Answers (1)

juunas

Reputation: 58733

I don't think the v1/v2 token has anything to do with how it is acquired. The app registration for the API should have "accessTokenAcceptedVersion": 2 in its manifest. That should result in all tokens for it being v2, including ones acquired by a Managed Identity.

If you changed the value recently, remember that Managed Identity tokens are cached and last for 8 hours if I recall correctly. So the change could take a while to take effect there.

Upvotes: 1
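To confirm which token version a back end actually receives after the manifest change discussed above, the payload can be inspected for its `ver` claim and for the calling-app claim (`appid` in v1, `azp` in v2). This is an added example, not part of the original question or answer; the tenant and client ids are placeholders, the sample tokens are constructed and unsigned, and the function is a diagnostic that does not verify the signature.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def describe_token(jwt: str) -> dict:
    """Report token version and calling-app claim of an access token.

    Diagnostic only: the signature is NOT verified, so never base an
    authorization decision on this result.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    claims = json.loads(b64url_decode(parts[1]))
    ver = claims.get("ver")
    if ver == "1.0":
        client_claim = "appid"   # v1 name for the calling application
    elif ver == "2.0":
        client_claim = "azp"     # v2 name for the calling application
    else:
        raise ValueError(f"unexpected ver claim: {ver!r}")
    return {"version": ver, "client_claim": client_claim,
            "client_id": claims.get(client_claim), "issuer": claims.get("iss")}


def make_sample(claims: dict) -> str:
    # Builds a constructed, unsigned token for the demonstration only.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
CLIENT = "11111111-1111-1111-1111-111111111111"  # placeholder client id
SAMPLE_V1 = make_sample({"ver": "1.0", "appid": CLIENT,
                         "iss": f"https://sts.windows.net/{TENANT}/"})
SAMPLE_V2 = make_sample({"ver": "2.0", "azp": CLIENT,
                         "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0"})

if __name__ == "__main__":
    for token in (SAMPLE_V1, SAMPLE_V2):
        print(describe_token(token))
```

A back end that must accept both versions during a transition can read the client id through the returned `client_claim` name, after normal signature, issuer and audience validation has passed.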
