How to validate JWT Token from Azure AD


Article ID: 129936


Updated On:

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

Hi, in order to protect our APIs from security breaches, we are implementing a pattern where API calls will contain JWT Tokens in the HTTP Header and Layer7 is required to Decode and Authorize it against AZURE AD. Can you please provide assistance by directing us towards any available documentation and helping us set up the environment with proper plugins etc.

Environment

Release:
Component: APIGTW

Resolution

Use the Decode Json Web Token assertion to validate the JWT against the JWKS published at the Microsoft discovery URL (https://login.microsoftonline.com/common/discovery/keys).
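
What validating a token against a JWKS involves, shown as an added example in Python (it is not Layer7 policy and not code from this article): select the JWKS key by the token's `kid`, pin the algorithm to RS256, and verify the RSA signature. The key pair, the `kid` value `demo-1` and the claims are constructed for the demo so the block runs offline; a real check would load the JWKS from the discovery URL above.

```python
import base64, hashlib, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_sha256(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate_jwt(token, jwks):
    """Return the claims if the RS256 signature verifies against the JWKS, else raise ValueError."""
    h64, p64, s64 = token.split(".")          # ValueError unless exactly three parts
    header = json.loads(b64u_decode(h64))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("alg must be RS256")  # pin the algorithm; rejects "none" and HS256
    key = next((j for j in jwks["keys"]
                if j.get("kty") == "RSA" and j.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no JWKS key matches the token's kid")
    n = int.from_bytes(b64u_decode(key["n"]), "big")
    e = int.from_bytes(b64u_decode(key["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = b64u_decode(s64)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("bad signature length")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if recovered != pkcs1_sha256(f"{h64}.{p64}".encode(), k):
        raise ValueError("signature does not verify")
    return json.loads(b64u_decode(p64))

def make_demo():
    """Constructed demo data: toy 511-bit key from two well-known primes (not secure) and a signed token."""
    p, q, e = 2**255 - 19, 2**256 - 2**32 - 977, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    jwks = {"keys": [{"kty": "RSA", "kid": "demo-1",
                      "n": b64u_encode(n.to_bytes(k, "big")), "e": b64u_encode(e.to_bytes(3, "big"))}]}
    head = b64u_encode(json.dumps({"alg": "RS256", "kid": "demo-1"}).encode())
    body = b64u_encode(json.dumps({"sub": "alice"}).encode())
    em = int.from_bytes(pkcs1_sha256(f"{head}.{body}".encode(), k), "big")
    return f"{head}.{body}." + b64u_encode(pow(em, d, n).to_bytes(k, "big")), jwks
```

This block covers the signature check only; a complete validation also checks the token's `exp`, `aud` and `iss` claims.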