how to log jwt properties from azure apim?

1
votes

I'm logging various context properties from APIM. One category of properties that can be logged from the context variable is "Jwt" with properties like Algorithm, Audience, Claims. However, when I try to log these properties from a policy, APIM returns the following error:

'IProxyRequestContext' does not contain a definition for 'Jwt'

I'm assuming that this is because Jwt is not configured for my particular test instance. Is there a way to make my logging conditional for this? Something like?:

if Jwt exists on context then log Jwt.Algorithm

Although Jwt is not configured for my local environment I think it may be configured for the production environment and my company would be interested in capturing this information.

3
azureazure-api-management

3 Answers

1
votes

There is option to parse the Jwt and get the algorithm Use

Jwt AsJwt(input: this string)

This will return Jwt object, which has below values in it.

Algorithm: string

Audience: IEnumerable<string>

Claims: IReadOnlyDictionary<string, string[]>

ExpirationTime: DateTime?

Id: string

Issuer: string

NotBefore: DateTime?

Subject: string

Type: string

please find link below to know more details https://docs.microsoft.com/en-us/azure/api-management/api-management-policy-expressions

0
votes

There's no Jwt property on context. However there's AsJwt/TryParseJwt methods that convert string to Jwt object that does have properties you've mentioned (Algorithm, etc). So if some part of request/response contains string representing jwt you can do things like below in policy expressions:

JsonConvert.SerializeObject(context.Request.Url.Query["jwt"][0])

0
votes

The encoded jwt will be in the Authorization header of a request. AsJwt can parse that token into a Jwt object. (Search for the context variable jwt)

Your call will look like this:

context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()

Accessing a property of the Jwt object will look like this:

context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Algorithm