Creating a Send Request Policy in APIM
<policies>
  <inbound>
    <base />
    <!-- Must run before include-fragment: the fragment reads context.Variables["audience"]
         (presumably the ValidateJwtFragment shown below) when building its audience list. -->
    <set-variable name="audience" value="938c1d33-5075-474c-b91a-1b539388ab54" />
    <include-fragment fragment-id="ValidateJwtFragment" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
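<fragment>
  <!-- policy-jwt: validate the bearer token in the Authorization header against the
       tenant's OpenID metadata. The audience list holds two fixed app ids plus the
       "audience" variable set by the including policy (falling back to the first id
       when that variable is absent). The parsed token is stored in "output-token". -->
  <validate-jwt
      header-name="Authorization"
      failed-validation-httpcode="401"
      failed-validation-error-message="Unauthorized"
      require-scheme="Bearer"
      output-token-variable-name="output-token">
    <!-- NOTE(review): metadata is fetched for contoso.onmicrosoft.com while the accepted
         issuer names a tenant GUID; both must refer to the same tenant. Confirm when the
         placeholder tenant is replaced. -->
    <openid-config url="https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration/" />
    <audiences>
      <audience>f0047ad9-83fb-4a82-8167-d253b0dfb0c3</audience>
      <audience>08c06aea-ea55-48d4-9611-a43c53bf0955</audience>
      <audience>@(context.Variables.ContainsKey("audience") ? (string)context.Variables["audience"] : "f0047ad9-83fb-4a82-8167-d253b0dfb0c3")</audience>
    </audiences>
    <issuers>
      <issuer>https://login.microsoftonline.com/31537af4-6d77-4bb9-a681-d2394888ea26/v2.0</issuer>
    </issuers>
  </validate-jwt>
  <!-- custom-headers: CO-Username and CO-Email are derived from token claims only.
       When the claim is absent the request header is deleted, so a value supplied by
       the caller never reaches the backend looking as if the gateway had set it. -->
  <choose>
    <when condition='@(!string.IsNullOrEmpty((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("username")))'>
      <set-header name="CO-Username" exists-action="override">
        <value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("username"))</value>
      </set-header>
    </when>
    <otherwise>
      <set-header name="CO-Username" exists-action="delete" />
    </otherwise>
  </choose>
  <choose>
    <when condition='@(!string.IsNullOrEmpty((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("email")))'>
      <set-header name="CO-Email" exists-action="override">
        <value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("email"))</value>
      </set-header>
    </when>
    <otherwise>
      <set-header name="CO-Email" exists-action="delete" />
    </otherwise>
  </choose>
  <!-- policy-send-req: look up the caller's roles from the auth service, identifying the
       user by the same two claims. The response is stored in "response-roles". No timeout
       is set here, so the send-request default applies; consider an explicit value. -->
  <send-request mode="new" response-variable-name="response-roles">
    <set-url>https://articles.codeomelet.com/auth/api/user/roles</set-url>
    <set-method>GET</set-method>
    <set-header name="CO-Username" exists-action="override">
      <value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("username"))</value>
    </set-header>
    <set-header name="CO-Email" exists-action="override">
      <value>@((string)((Jwt)context.Variables["output-token"]).Claims.GetValueOrDefault("email"))</value>
    </set-header>
  </send-request>
  <!-- policy-send-req:response -->
  <choose>
    <!-- unauthorized: the roles service rejected the token; its JSON body is echoed back
         to the caller together with a WWW-Authenticate challenge. -->
    <when condition='@(((IResponse)context.Variables["response-roles"]).StatusCode == 401)'>
      <return-response>
        <set-status code="401" reason="Unauthorized" />
        <set-header name="WWW-Authenticate" exists-action="override">
          <value>Bearer error="invalid_token"</value>
        </set-header>
        <set-header name="Content-Type" exists-action="override">
          <value>application/json</value>
        </set-header>
        <set-body>@(JsonConvert.SerializeObject(((IResponse)context.Variables["response-roles"]).Body.As<JObject>()))</set-body>
      </return-response>
    </when>
    <!-- custom-headers: only a 200 response carries a role list. Checking the status code
         (rather than whether "response-roles" exists, which is always the case once the
         send-request has completed) keeps a 403/5xx or non-JSON error body from being
         forwarded to the backend as CO-Roles. -->
    <when condition='@(((IResponse)context.Variables["response-roles"]).StatusCode == 200)'>
      <set-header name="CO-Roles" exists-action="override">
        <value>@(JsonConvert.SerializeObject(((IResponse)context.Variables["response-roles"]).Body.As<JObject>()))</value>
      </set-header>
    </when>
    <otherwise>
      <!-- Any other status: strip a caller-supplied CO-Roles so the backend sees no roles
           header at all rather than an untrusted one. -->
      <set-header name="CO-Roles" exists-action="delete" />
    </otherwise>
  </choose>
</fragment>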