ZakiMohammed/fragment-policy.xml

## fragment-policy.xml
<policies>
	<inbound>
		<base />
		<set-variable name="audience" value="938c1d33-5075-474c-b91a-1b539388ab54" />
		<include-fragment fragment-id="ValidateJwtFragment" />
	</inbound>
	<backend>
		<base />
	</backend>
	<outbound>
		<base />
	</outbound>
	<on-error>
		<base />
	</on-error>
</policies>

## fragment.xml
<fragment>
	<!-- policy -->
	<validate-jwt
		header-name="Authorization"
		failed-validation-httpcode="401"
		failed-validation-error-message="Unauthorized"
		require-scheme="Bearer"
		output-token-variable-name="output-token">

		<openid-config url="https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration/" />

		<audiences>
			<audience>f0047ad9-83fb-4a82-8167-d253b0dfb0c3</audience>
			<audience>08c06aea-ea55-48d4-9611-a43c53bf0955</audience>
			<audience>@(context.Variables.ContainsKey("audience") ? (string)context.Variables["audience"] : "f0047ad9-83fb-4a82-8167-d253b0dfb0c3")</audience>
		</audiences>

		<issuers>
			<issuer>https://login.microsoftonline.com/31537af4-6d77-4bb9-a681-d2394888ea26/v2.0</issuer>
		</issuers>
	</validate-jwt>

	<!-- custom-headers -->
	<choose>
		<when condition='@(!string.IsNullOrEmpty((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("username")))'>
			<set-header name="CO-Username" exists-action="override">
				<value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("username"))</value>
			</set-header>
		</when>
	</choose>
	<choose>
		<when condition='@(!string.IsNullOrEmpty((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("email")))'>
			<set-header name="CO-Email" exists-action="override">
				<value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("email"))</value>
			</set-header>
		</when>
	</choose>
</fragment>
	<policies>
	<inbound>
	<base />
	<set-variable name="audience" value="938c1d33-5075-474c-b91a-1b539388ab54" />
	<include-fragment fragment-id="ValidateJwtFragment" />
	</inbound>
	<backend>
	<base />
	</backend>
	<outbound>
	<base />
	</outbound>
	<on-error>
	<base />
	</on-error>
	</policies>
	<fragment>
	<!-- policy -->
	<validate-jwt
	header-name="Authorization"
	failed-validation-httpcode="401"
	failed-validation-error-message="Unauthorized"
	require-scheme="Bearer"
	output-token-variable-name="output-token">

	<openid-config url="https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration/" />

	<audiences>
	<audience>f0047ad9-83fb-4a82-8167-d253b0dfb0c3</audience>
	<audience>08c06aea-ea55-48d4-9611-a43c53bf0955</audience>
	<audience>@(context.Variables.ContainsKey("audience") ? (string)context.Variables["audience"] : "f0047ad9-83fb-4a82-8167-d253b0dfb0c3")</audience>
	</audiences>

	<issuers>
	<issuer>https://login.microsoftonline.com/31537af4-6d77-4bb9-a681-d2394888ea26/v2.0</issuer>
	</issuers>
	</validate-jwt>

	<!-- custom-headers -->
	<choose>
	<when condition='@(!string.IsNullOrEmpty((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("username")))'>
	<set-header name="CO-Username" exists-action="override">
	<value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("username"))</value>
	</set-header>
	</when>
	</choose>
	<choose>
	<when condition='@(!string.IsNullOrEmpty((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("email")))'>
	<set-header name="CO-Email" exists-action="override">
	<value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("email"))</value>
	</set-header>
	</when>
	</choose>
	</fragment>