How can I use the Validate JWT policy to enforce audience validation in Azure Logic Apps


To enforce audience validation in Azure Logic Apps using the Validate JWT policy, you can follow these steps:

1. Set Up Azure API Management: First, ensure that your Logic App is fronted by Azure API Management. This matters because the Validate JWT policy is evaluated inside API Management, not inside the Logic App itself.

2. Obtain a JWT Token: To test the policy, you need a JWT token. You can obtain this by using tools like Fiddler to capture the token when you authenticate with Azure Active Directory (AAD) via the API Management Developer portal[1].

3. Decode the JWT Token: Use a tool like JWT.io to decode the token and verify its claims, such as the audience. This will help you configure the policy correctly[1].

4. Configure the Validate JWT Policy: In Azure API Management, navigate to your API, go to the Inbound Processing section, and select the Code View. Add the Validate JWT policy to check the audience claim in the token. Here's an example of how the policy might look:

```xml
<!-- Inbound policy: reject the request with 401 unless the bearer token is valid and carries the expected aud claim -->
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <!-- Signing keys and issuer are discovered from the Azure AD OpenID metadata document -->
    <openid-config url="https://login.microsoftonline.com/{your-AzureAD-domain}/.well-known/openid-configuration" />
    <required-claims>
        <!-- The aud value must match the audience the token was issued for -->
        <claim name="aud">
            <value>http://YourLogicAppAudience</value>
        </claim>
    </required-claims>
</validate-jwt>
```

Replace `{your-AzureAD-domain}` with your actual Azure AD domain and `http://YourLogicAppAudience` with the expected audience value from your JWT token[1][6].

5. Test the Policy: Use the API Management Developer portal to test the policy by sending a request with an invalid or missing audience claim. You should receive a 401 Unauthorized response if the audience does not match the expected value[1].
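To see why the test in step 5 yields a 401, the following Python models only the audience part of what the policy does (signature and issuer checks via the OpenID metadata are left to API Management). It is an added example, not code from the cited blog or the policy reference; the expected audience is the page's placeholder value and the tokens are constructed, unsigned test tokens.

```python
import base64
import json
from typing import Optional

# Expected audience, matching the <value> in the policy above (placeholder from the page).
EXPECTED_AUDIENCES = {"http://YourLogicAppAudience"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs omit."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    """Encode a JSON object as an unpadded base64url segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT (alg none) for exercising the aud check offline."""
    header = _b64url_encode({"alg": "none", "typ": "JWT"})
    return f"{header}.{_b64url_encode(claims)}."


def check_audience(authorization_header: Optional[str], expected=EXPECTED_AUDIENCES) -> int:
    """Return 401 when the bearer token is missing, malformed, or has no matching aud; else 200."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return 401  # no Authorization header, or not a bearer token
    parts = authorization_header[len("Bearer "):].split(".")
    if len(parts) != 3:
        return 401  # not a compact header.payload.signature JWT
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return 401  # payload is not base64url-encoded JSON
    aud = claims.get("aud")
    # RFC 7519: "aud" is either a single string or an array of strings.
    audiences = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    return 200 if any(a in expected for a in audiences) else 401
```

A token whose `aud` is an array still passes as long as one entry matches, which is the same behaviour you should expect from the policy when testing multi-audience tokens.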

By following these steps, you can effectively enforce audience validation for your Azure Logic Apps using the Validate JWT policy in Azure API Management.

Citations:
[1] https://techcommunity.microsoft.com/blog/azuredevcommunityblog/part-4-secure-your-logic-app-using-api-management-8211-validate-jwt-access-restr/336802
[2] https://docs.mulesoft.com/gateway/latest/policies-included-jwt-validation
[3] https://blog.devops.dev/how-to-implement-jwt-validation-in-azure-apim-ffe0e758b045
[4] https://docs.azure.cn/en-us/api-management/validate-azure-ad-token-policy
[5] https://adityadeshpandeadi.wordpress.com/2020/07/23/authorization-for-azure-logic-apps-token-based/
[6] https://learn.microsoft.com/en-us/azure/api-management/validate-jwt-policy
[7] https://autosysops.com/blog/parse-jwt-tokens-in-azure-logic-apps
[8] https://stackoverflow.com/questions/67384796/validate-jwt-policy-per-operation-or-all-operations