
Azure API Management JWT token policy

How to resolve: Azure API Management JWT token policy

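I am trying to set up a policy for JWT in the Azure portal, and I have searched for and pasted almost every solution available on the web, but none of them seems to work. This is the policy I have set up: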

<policies>
   <inbound>
      <validate-jwt header-name="Authorization" require-scheme="Bearer">
         <issuer-signing-keys>
            <key>X3IwT3A3bkVfZn40aHkueTBuX2lWd0J6OWNsMjI2Uk9WZw==</key>
         </issuer-signing-keys>
         <decryption-keys>
            <key>X3IwT3A3bkVfZn40aHkueTBuX2lWd0J6OWNsMjI2Uk9WZw==</key>
         </decryption-keys>
         <audiences>
            <audience>api://53cd59c4-53e7-46e6-890b-1dcac2cb2423</audience>
         </audiences>
         <issuers>
            <issuer>https://sts.windows.net/5181d074-dbc6-49e9-9ada-051bc62d5e3e/</issuer>
         </issuers>
         <required-claims>
            <claim name="scope" match="any" separator=" ">
               <value>Files.Read</value>
            </claim>
         </required-claims>
      </validate-jwt>
   </inbound>
   <backend>
      <base />
   </backend>
   <outbound>
      <base />
   </outbound>
   <on-error>
      <base />
   </on-error>
</policies>

Request:

GET https://insyncapim.azure-api.net/api/Product/api/Product HTTP/1.1
Host: insyncapim.azure-api.net
Authorization: Bearer {my JWT token}
Ocp-Apim-Subscription-Key: ••••••••••••••••••••••••••••••••
Ocp-Apim-Trace: true

Response:

content-length: 85
content-type: application/json
date: Thu,12 Nov 2020 09:13:53 GMT
ocp-apim-trace-location: https://apimstu4tludl9hfaq8f2v6o.blob.core.windows.net/apiinspectorcontainer/wEGj7uZ8ebXmIo1P1hgGvw2-16?sv=2018-03-28&sr=b&sig=sQ98cMJe58d6bJcmZ%2BRqGHtn6jk6S13p7ORbFlWkIwI%3D&se=2020-11-13T09%3A13%3A53Z&sp=r&traceId=3f4870770f544ed28962360a04112ef8
vary: Origin
{
    "statusCode": 401,"message": "Unauthorized. Access token is missing or invalid."
}

Trace:

api-inspector
{
    "request": {
        "method": "GET","url": "https://insyncapim.azure-api.net/api/Product/api/Product","headers": [
            {
                "name": "Ocp-Apim-Subscription-Key","value": {My subscription key}
            },{
                "name": "sec-fetch-site","value": "cross-site"
            },{
                "name": "sec-fetch-mode","value": "cors"
            },{
                "name": "Sec-Fetch-Dest","value": "empty"
            },{
                "name": "X-Forwarded-For","value": "182.75.240.158"
            },{
                "name": "Cache-Control","value": "no-cache,no-store"
            },{
                "name": "Content-Type","value": "text/plain;charset=UTF-8"
            },{
                "name": "Accept","value": "*/*"
            },{
                "name": "Accept-Encoding","value": "gzip,deflate,br"
            },{
                "name": "Accept-Language","value": "en-US,en;q=0.9"
            },{
                "name": "Authorization","value": "Bearer {my JWT token}
            },{
                "name": "Host","value": "insyncapim.azure-api.net"
            },{
                "name": "Referer","value": "https://apimanagement.hosting.portal.azure.net/"
            }
        ]
    }
}

api-inspector
{
    "configuration": {
        "api": {
            "from": "/api/Product","to": null,"version": null,"revision": "1"
        },"operation": {
            "method": "GET","uriTemplate": "/api/Product"
        },"user": "-","product": "-"
    }
}

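I am trying to generate an access token using Postman, and the access token is being generated. But whenever I try to request the API with the access token, the result is always 401: Unauthorized. This is my first time trying this, please help me.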
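An added example, not part of the original post: a diagnostic that decodes a token without verifying it and lists where its header and claims disagree with the validate-jwt policy shown above. The helper names are hypothetical, the `<key>` value is a placeholder, and the sample token is constructed on the assumption that it has the usual Azure AD shape (RS256 signature, scopes carried in `scp`).

```python
import base64
import json
import xml.etree.ElementTree as ET

# validate-jwt element from the post; the <key> value is a constructed placeholder.
POLICY = """<validate-jwt header-name="Authorization" require-scheme="Bearer">
  <issuer-signing-keys><key>Y29uc3RydWN0ZWQ=</key></issuer-signing-keys>
  <audiences><audience>api://53cd59c4-53e7-46e6-890b-1dcac2cb2423</audience></audiences>
  <issuers><issuer>https://sts.windows.net/5181d074-dbc6-49e9-9ada-051bc62d5e3e/</issuer></issuers>
  <required-claims>
    <claim name="scope" match="any" separator=" "><value>Files.Read</value></claim>
  </required-claims>
</validate-jwt>"""

def b64url_json(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def read_part(part):
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def as_list(value, sep=None):
    # A claim may be one string (optionally separator-delimited) or a JSON array.
    return value.split(sep) if isinstance(value, str) else list(value or [])

def diagnose(policy_xml, token):
    """List mismatches between an UNVERIFIED token and the policy (diagnosis only)."""
    root = ET.fromstring(policy_xml)
    header, claims = (read_part(p) for p in token.split(".")[:2])
    problems = []
    alg = header.get("alg", "")
    if root.find("issuer-signing-keys/key") is not None and not alg.startswith("HS"):
        problems.append(f"alg {alg} cannot be checked with a symmetric <key>")
    allowed_aud = {a.text for a in root.iter("audience")}
    if not allowed_aud & set(as_list(claims.get("aud"))):
        problems.append(f"aud {claims.get('aud')!r} not in <audiences>")
    if claims.get("iss") not in {i.text for i in root.iter("issuer")}:
        problems.append(f"iss {claims.get('iss')!r} not in <issuers>")
    for c in root.iter("claim"):
        have = set(as_list(claims.get(c.get("name")), c.get("separator")))
        want = {v.text for v in c.iter("value")}
        ok = want <= have if c.get("match", "all") == "all" else bool(want & have)
        if not ok:
            problems.append(f"claim {c.get('name')!r} lacks {sorted(want)}")
    return problems

# Constructed token in the usual Azure AD shape: RS256, scopes in "scp".
SAMPLE = ".".join([b64url_json({"alg": "RS256", "typ": "JWT"}), b64url_json({
    "aud": "api://53cd59c4-53e7-46e6-890b-1dcac2cb2423",
    "iss": "https://sts.windows.net/5181d074-dbc6-49e9-9ada-051bc62d5e3e/",
    "scp": "Files.Read"}), "sig"])
```

Calling `diagnose(POLICY, SAMPLE)` returns one entry per mismatch; an empty list means the token's header and claims agree with the policy, leaving the signature itself for the gateway to verify.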
