I figured out that the portal sending a request such as "subscriptions/sid/resourceGroups/rgid/providers/Microsoft.ApiManagement/service/sid/identity" to verify the access token. Is there any other way to verify token without sending request?
Asked
Active
Viewed 191 times
0
-
Welcom to Stackoverflow. Please provide enough code so others can better understand or reproduce the problem. – Hamed Hajiloo Oct 25 '21 at 12:10
1 Answers
0
After successful sign-in, an Authorization header is added to the request, with an access token (Base64 encoded).
Below code will help you to verify access token when sending request to backend.
<policies>
<inbound> <base />
<send-request ignore-error="true" timeout="20" response-variable-name="bearerToken" mode="new">
... //code
</send-request>
<set-header name="Authorization" exists-action="override"> <value> @("Bearer " + (String)((IResponse)context.Variables["bearerToken"]).Body.As<JObject>()["access_token"]) </value>
</inbound>
<backend> <base /> </backend>
<outbound> <base /> </outbound>
<on-error> <base /> </on-error>
</policies>
Please refer Microsoft documentation, this and SO Thread for more details.
HarshithaVeeramalla-MT
- 3,013
- 2
- 2
- 9