0
votes

I have implemented JWT validation for API requests through Azure API Management, but it is failing. The policy is something like this:

<validate-jwt header-name="Autherization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-scheme="Bearer ">
    <openid-config url="https://myb2cdev.b2clogin.com/myb2cdev.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1ctest" />
    <audiences>
        <audience>169679ed8-61df-0695-4375-574c3287ee98</audience>
    </audiences>
    <issuers>
        <issuer>https://myb2cdev.b2clogin.com/97a8e403-f111-4454-8561-0c2881aae4a/v2.0/</issuer>
    </issuers>
</validate-jwt>

The Authorization token contains the Bearer string appended. Example token: "Bearer auserasereadnasewrewrwerwete....". Note: there is a space between Bearer and the actual token.

Can anybody help me fix this? The response is always: {statusCode":401,"message":"Unauthorized.Access token is missing or invalid"}

Thanks,

1
Did you get a workable solution for this? - Simon Price

1 Answer

-1
votes

Remove the require-scheme="Bearer " from the policy. It will still validate the Bearer token sent in the Authorization header as Authorization: Bearer xxxxx
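
A debugging aid for the 401 discussed in this thread, added here as an example and not part of the original question or answer: it compares a `validate-jwt` policy with the request actually sent and lists mismatches in the header name, `require-scheme`, `aud` and `iss`. The names `diagnose` and `make_token` are hypothetical, the token is constructed, and claims are decoded without signature verification, so this does not reproduce API Management's own validation.

```python
import base64, json
import xml.etree.ElementTree as ET

# Policy as posted in the question (values copied from the page, attributes abridged).
POLICY = '''<validate-jwt header-name="Autherization" failed-validation-httpcode="401" require-scheme="Bearer ">
  <openid-config url="https://myb2cdev.b2clogin.com/myb2cdev.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1ctest" />
  <audiences><audience>169679ed8-61df-0695-4375-574c3287ee98</audience></audiences>
  <issuers><issuer>https://myb2cdev.b2clogin.com/97a8e403-f111-4454-8561-0c2881aae4a/v2.0/</issuer></issuers>
</validate-jwt>'''

def make_token(claims):
    """Constructed, unsigned sample token (placeholder signature), for the demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

def diagnose(policy_xml, request_headers):
    """List mismatches between a validate-jwt policy and a request.
    Claims are decoded WITHOUT signature verification: debugging aid only."""
    policy = ET.fromstring(policy_xml)
    name, scheme = policy.get("header-name"), policy.get("require-scheme")
    headers = {k.lower(): v for k, v in request_headers.items()}  # header names are case-insensitive
    if name.lower() not in headers:
        return [f"policy reads header {name!r}; request sent {sorted(request_headers)}"]
    findings = []
    if scheme and scheme != scheme.strip():
        findings.append(f"require-scheme {scheme!r} has surrounding whitespace")
    parts = headers[name.lower()].split()
    if scheme and (len(parts) != 2 or parts[0] != scheme.strip()):
        findings.append(f"header value is not '{scheme.strip()} <token>'")
    segments = parts[-1].split(".") if parts else []
    if len(segments) != 3:
        return findings + ["token is not a three-part compact JWT"]
    payload = segments[1] + "=" * (-len(segments[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    aud = claims.get("aud")
    token_auds = set(aud) if isinstance(aud, list) else {aud}
    policy_auds = {e.text.strip() for e in policy.iter("audience")}
    policy_iss = {e.text.strip() for e in policy.iter("issuer")}
    if policy_auds and not policy_auds & token_auds:
        findings.append(f"aud {aud!r} not in policy audiences")
    if policy_iss and claims.get("iss") not in policy_iss:
        findings.append(f"iss {claims.get('iss')!r} not in policy issuers")
    return findings

if __name__ == "__main__":
    token = make_token({"aud": "169679ed8-61df-0695-4375-574c3287ee98",
                        "iss": "https://login.example.invalid/v2.0/"})  # constructed claims
    for finding in diagnose(POLICY, {"Authorization": "Bearer " + token}):
        print(finding)
```

Run it against the real policy and a token captured from a failing request in a test environment; an empty list means the 401 comes from something this check does not cover, such as signature or expiry validation.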