Rob

Reputation: 103

Azure API Management Policy to log JWT token to App Insights (using Event Hub)

Using Azure APIM + JWT validation. I have attempted to log the output of the JWT token without any luck (ideally just the username extracted). See the policy below. How can I log the JWT token to a customDimension in Application Insights after being transferred through EventHub?

Policy:

    <policies>
        <inbound>
            <validate-jwt header-name="Authorization" failed-validation-httpcode="401" output-token-variable-name="jwt-token">
                <openid-config url="https://OUR_IDP/.well-known/openid-configuration" />
            </validate-jwt>
            <set-header name="caller-objectid" exists-action="override">
                <value>@(((Jwt)context.Variables["jwt-token"]).Subject)</value>
            </set-header>
            <set-variable name="message-id" value="@(Guid.NewGuid())" />
            <!--context.Request.Headers.GetValueOrDefault("Authorization", "DEFAULT"),-->
            <log-to-eventhub logger-id="LOGGER_ID_HERE" partition-id="0">@{
                var requestLine = string.Format("{0} {1} HTTP/1.1\r\n",
                                                context.Request.Method,
                                                context.Request.Url.Path + context.Request.Url.QueryString);

                var body = context.Request.Body?.As<string>(true);
                if (body != null && body.Length > 1024)
                {
                    body = body.Substring(0, 1024);
                }

                var headers = context.Request.Headers
                                     .Where(h => h.Key != "Ocp-Apim-Subscription-Key")
                                     .Select(h => string.Format("{0}: {1}", h.Key, String.Join(", ", h.Value)))
                                     .ToArray<string>();

                var headerString = (headers.Any()) ? string.Join("\r\n", headers) + "\r\n" : string.Empty;

                return "request:" + context.Variables["message-id"] + "\n"
                                  + requestLine + headerString + "\r\n" + body;
            }</log-to-eventhub>
        </inbound>
        <backend>
            <forward-request follow-redirects="true" />
        </backend>
        <outbound>
            <log-to-eventhub logger-id="LOGGER_ID_HERE" partition-id="0">@{
                var statusLine = string.Format("HTTP/1.1 {0} {1}\r\n",
                                               context.Response.StatusCode,
                                               context.Response.StatusReason);

                var body = context.Response.Body?.As<string>(true);
                if (body != null && body.Length > 1024)
                {
                    body = body.Substring(0, 1024);
                }

                var headers = context.Response.Headers
                                     .Select(h => string.Format("{0}: {1}", h.Key, String.Join(", ", h.Value)))
                                     .ToArray<string>();

                var headerString = (headers.Any()) ? string.Join("\r\n", headers) + "\r\n" : string.Empty;

                return "response:" + context.Variables["message-id"] + "\n"
                                   + statusLine + headerString + "\r\n" + body;
            }</log-to-eventhub>
        </outbound>
        <on-error />
    </policies>

Upvotes: 0

Views: 835
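One way to get just the caller's identity into the Event Hub message without shipping the raw bearer token, as an added example that is not part of the original question or answer: this inbound section reads the claims from the `jwt-token` variable that `validate-jwt` already populated, drops the `Authorization` header from the header dump, and emits one JSON object per request that a downstream consumer can map onto Application Insights customDimensions. The claim name `preferred_username`, the `LOGGER_ID_HERE` placeholder and the JSON property names are assumptions; which claim actually carries the username depends on the identity provider.

```xml
<inbound>
    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" output-token-variable-name="jwt-token">
        <openid-config url="https://OUR_IDP/.well-known/openid-configuration" />
    </validate-jwt>
    <set-variable name="message-id" value="@(Guid.NewGuid())" />
    <log-to-eventhub logger-id="LOGGER_ID_HERE" partition-id="0">@{
        // The token was validated by validate-jwt above, so its claims can be trusted here.
        var jwt = (Jwt)context.Variables["jwt-token"];
        string[] values;
        // 'preferred_username' is an assumption: use whichever claim your IdP puts the username in.
        var username = jwt.Claims.TryGetValue("preferred_username", out values) && values.Length > 0
            ? values[0]
            : "(no username claim)";

        // Dump request headers except the ones that carry credentials, so the bearer token
        // and the subscription key never land in Event Hub or Application Insights.
        var headers = context.Request.Headers
            .Where(h => h.Key != "Ocp-Apim-Subscription-Key" && h.Key != "Authorization")
            .ToDictionary(h => h.Key, h => string.Join(", ", h.Value));

        // One JSON object per message; the consumer copies these properties into customDimensions.
        var record = new JObject(
            new JProperty("kind", "request"),
            new JProperty("messageId", context.Variables["message-id"].ToString()),
            new JProperty("method", context.Request.Method),
            new JProperty("path", context.Request.Url.Path + context.Request.Url.QueryString),
            new JProperty("callerSubject", jwt.Subject),
            new JProperty("callerUsername", username),
            new JProperty("headers", JObject.FromObject(headers)));
        return record.ToString(Newtonsoft.Json.Formatting.None);
    }</log-to-eventhub>
</inbound>
```

Emitting a structured record instead of a raw HTTP dump means the Event Hub consumer that forwards to Application Insights does not have to parse request lines or re-decode the token; it can take `callerSubject` and `callerUsername` straight from the JSON. Keeping the bearer token out of the message also means the log store does not become a second place where a replayable credential is kept.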

Answers (1)

Rob

Reputation: 103

I found that I can add request header logging within the Application Insights configuration section of the APIM. This logs the header properly.

Upvotes: 0
