1
votes

When we want to use OAuth with Azure API Management, the documentation states that we need to associate the APIM instance with an OAuth server in the OAuth 2 section of the portal. But I'm a bit confused about this because when I missed doing that, the validation of a JWT token (Validate JWT policy) works just fine. It sounds like the association between APIM and an OAuth 2 server is only needed when we want to use OAuth 2 from the developer portal or the developer console. Am I right?


1 Answer

3
votes

OAuth server registration is done only for the purpose of including the OAuth security definition in the exported spec, and so that the test console on the dev portal will render a convenient UI to obtain tokens to make runtime calls. It's not required for the validate-jwt policy.
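
As an added illustration (not part of the original answer), the policy below shows why `validate-jwt` works without a registered OAuth server: it names its own OpenID configuration endpoint, from which the signing keys and issuer are obtained, and carries its own audience and claim checks. The endpoint URL, audience and scope values are constructed placeholders.

```xml
<policies>
    <inbound>
        <base />
        <!-- Rejects the call with 401 unless a signed, unexpired bearer token is present. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-signed-tokens="true"
                      require-expiration-time="true"
                      failed-check-httpcode="401"
                      failed-check-error-message="Unauthorized">
            <!-- Placeholder URL: the identity provider's OpenID configuration document.
                 Signing keys and issuer are read from here, not from the
                 OAuth 2 server entry configured in the portal. -->
            <openid-config url="https://idp.example.com/.well-known/openid-configuration" />
            <audiences>
                <!-- Placeholder: the audience value issued for this API. -->
                <audience>api://example-api-audience</audience>
            </audiences>
            <required-claims>
                <!-- Placeholder claim and scope; assumes scopes arrive space-separated. -->
                <claim name="scp" match="any" separator=" ">
                    <value>orders.read</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```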