

PUB-2535 - Updated validate JWT (#456)
ChrisS1512 authored Oct 22, 2024
1 parent 0aa79af commit 8e6da8e
Showing 1 changed file with 34 additions and 14 deletions.
48 changes: 34 additions & 14 deletions infrastructure/resources/operation-policies/sendOtpEmail.xml
@@ -1,19 +1,39 @@
<policies>
<inbound>
<validate-jwt token-value="@((String)context.Request.Body.As<JObject>(preserveContent: true)["bearer"])" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="https://login.microsoftonline.com/{TENANT_ID}/v2.0/.well-known/openid-configuration" />
<audiences>
<audience>{CLIENT_ID}</audience>
</audiences>
<issuers>
<issuer>https://login.microsoftonline.com/{TENANT_ID}/v2.0</issuer>
</issuers>
<required-claims>
<claim name="roles" match="all">
<value>api.request.b2c</value>
</claim>
</required-claims>
</validate-jwt>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("Authorization","") != "")">
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="https://login.microsoftonline.com/{TENANT_ID}/v2.0/.well-known/openid-configuration" />
<audiences>
<audience>{CLIENT_ID}</audience>
</audiences>
<issuers>
<issuer>https://login.microsoftonline.com/{TENANT_ID}/v2.0</issuer>
</issuers>
<required-claims>
<claim name="roles" match="all">
<value>api.request.b2c</value>
</claim>
</required-claims>
</validate-jwt>
</when>
<otherwise>
<validate-jwt token-value="@((String)context.Request.Body.As<JObject>(preserveContent: true)["bearer"])" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="https://login.microsoftonline.com/{TENANT_ID}/v2.0/.well-known/openid-configuration" />
<audiences>
<audience>{CLIENT_ID}</audience>
</audiences>
<issuers>
<issuer>https://login.microsoftonline.com/{TENANT_ID}/v2.0</issuer>
</issuers>
<required-claims>
<claim name="roles" match="all">
<value>api.request.b2c</value>
</claim>
</required-claims>
</validate-jwt>
</otherwise>
</choose>
<cors>
<allowed-origins>
<origin>*</origin>
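Review bot: In the `<otherwise>` branch the `token-value` expression calls `context.Request.Body.As<JObject>(preserveContent: true)["bearer"]` unconditionally, so a request with no Authorization header and an empty or non-JSON body would presumably fault the expression itself rather than reach the 401 that `failed-validation-httpcode` promises; worth confirming in a policy trace, and if so guarding the parse with a multi-statement `@{ ... }` expression that returns `""` when the body cannot be parsed, so the token is simply missing and validation fails with the intended message. The two `validate-jwt` blocks are identical apart from the token source, so any later change to audiences, issuers or required claims has to be made in both places and can silently drift. A comment above `<choose>` would make the design explicit, e.g. `<!-- Token accepted from the Authorization header, or from the "bearer" field of the JSON body when the header is absent; both paths enforce the same audience, issuer and roles checks. -->`. The enclosing `<inbound>` element closes outside the hunk.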
