Generate Access Token and validate against Identit

Posted 2019-08-01 21:39

I have an external endpoint which is going to hit the Azure API gateway and that would route it to the backend API which is protected by IdentityServer4 authorization.

I am getting the access token if I hit it through the Postman client with the interactive UI from IdentityServer.

Is there a way I can get the access token required from the Azure API Management to validate against the IdentityServer4 and append it to the header in the request to the backend API?

2 answers
爱情/是我丢掉的垃圾
Reply #2 · 2019-08-01 22:03

Postman has the luxury of a human user seeing the UI, authorizing API access and having IdentityServer4 issue a token for Postman. There is no such luxury when the call is being processed by the APIM server: you could send a request for a token to IdentityServer4, but who would be presented with the UI to authorize the action?

The only way is to provision some sort of secret to APIM (header, query, certificate) that would be recognized by IdentityServer4 to allow it to issue tokens for APIM. If such a secret is available, you could use the send-request policy to make a call to IdentityServer4 and obtain the required token.

Or make sure that every request to APIM has a token already.

Luminary・发光体
Reply #3 · 2019-08-01 22:12

Yes, it is possible to achieve it through a custom policy. You can ask your external API client/consumer to pass in credentials in a header, and then you write a policy inside inbound that can read those user credentials, do an API request (similar to your Postman one) and get the access token. You can then append the same token and let your request get forwarded to the backend API.

As per your problem statement, this should work. In case not, you might have to explain your scenario with more description/steps.

Here are some of the reference materials for you, I hope it helps.

https://docs.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#SendRequest

https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-send-request
