Yes, you can customize token validation parameters in Azure Logic Apps. Here's how you can approach this:
1. Using Authentication Options in Logic Apps: When setting up authentication for triggers, such as HTTP triggers, you can specify the issuer and audience for JWT tokens. For example, you can set the issuer to `https://login.microsoftonline.com//v2.0` and the audience to your application ID. This ensures that only requests with valid tokens from the specified issuer and audience are processed[1].
2. Managed Identities for API Connections: Logic Apps can use managed identities to authenticate connections to resources like Azure Key Vault. You can configure each connection to use either the system-assigned identity or a user-assigned identity, which gives you flexibility in how you manage access and authentication across different connections[4].
3. Custom API Authentication: When calling custom APIs from Logic Apps, you can set up authentication using Microsoft Entra ID. This involves creating an application identity for your logic app and configuring the authorization section in your logic app definition. You can specify parameters like tenant ID, client ID, and secret to customize how tokens are validated and used[7].
4. SAS Tokens for Logic App Triggers: While not directly related to token validation, Logic Apps use SAS (Shared Access Signature) tokens for securing triggers. These tokens include parameters like permissions (`sp`), SAS version (`sv`), and a signature (`sig`) generated using a secret key. This mechanism provides a way to authenticate and authorize access to Logic App triggers, though it's more about securing the trigger endpoint itself rather than customizing token validation[2].
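As an added example (not taken from the cited sources or from Microsoft's code), the following pre-deployment check lints the issuer and audience claims from item 1, catching an issuer URL whose tenant segment is empty. It assumes the policy object follows the `openAuthenticationPolicies` shape from Microsoft's Logic Apps documentation and public-cloud issuer formats; the function name, policy names, tenant GUID and audience are constructed.

```python
import re

# Assumption: public-cloud Microsoft Entra ID issuers only (v2.0 and v1.0 token formats).
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
ISSUER_RE = re.compile(
    rf"^(?:https://login\.microsoftonline\.com/{GUID}/v2\.0|https://sts\.windows\.net/{GUID}/)$"
)

def lint_policies(policies):
    """Return findings for a trigger's openAuthenticationPolicies 'policies' object."""
    findings = []
    for name, policy in policies.items():
        # Collect claim values by claim name so duplicates are visible.
        claims = {}
        for claim in policy.get("claims", []):
            claims.setdefault(claim.get("name"), []).append(claim.get("value", ""))
        # This example's rule: every policy pins both issuer and audience.
        for required in ("iss", "aud"):
            values = claims.get(required, [])
            if not values:
                findings.append(f"{name}: missing '{required}' claim")
            elif len(values) > 1:
                findings.append(f"{name}: duplicate '{required}' claim")
            elif not values[0].strip():
                findings.append(f"{name}: empty '{required}' value")
        # The issuer must name one tenant by GUID; an empty segment matches no token.
        iss = claims.get("iss", [""])[0]
        if iss.strip() and not ISSUER_RE.match(iss):
            findings.append(f"{name}: issuer '{iss}' is not a tenant-specific Entra ID issuer")
    return findings

# Constructed sample policies (hypothetical names, tenant GUID and audience).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "good-policy": {"type": "AAD", "claims": [
        {"name": "iss", "value": f"https://login.microsoftonline.com/{TENANT}/v2.0"},
        {"name": "aud", "value": "api://constructed-app-id"}]},
    "no-tenant": {"type": "AAD", "claims": [
        {"name": "iss", "value": "https://login.microsoftonline.com//v2.0"},
        {"name": "aud", "value": "api://constructed-app-id"}]},
    "no-audience": {"type": "AAD", "claims": [
        {"name": "iss", "value": f"https://sts.windows.net/{TENANT}/"}]},
}

if __name__ == "__main__":
    for finding in lint_policies(SAMPLE):
        print(finding)
```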
In summary, while Logic Apps provide built-in mechanisms for token validation, such as using authentication options and managed identities, you can also customize the validation process by integrating with custom APIs and using Microsoft Entra authentication. However, direct customization of token validation parameters within the Logic App itself is limited to specifying issuer and audience for JWT tokens and using managed identities for API connections.
Citations:
[1] https://autosysops.com/blog/parse-jwt-tokens-in-azure-logic-apps
[2] https://turbo360.com/blog/logic-app-best-practices-secure-your-azure-logic-apps
[3] https://gotoguy.blog/2020/12/05/blog-series-powering-up-your-home-office-lights-part-4-using-logic-apps-to-get-access-token-and-renew-access-token-if-needed/comment-page-1/
[4] https://docs.azure.cn/en-us/logic-apps/authenticate-with-managed-identity
[5] https://www.youtube.com/watch?v=ZVIJhVe0muU
[6] https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
[7] https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-custom-api-authentication
[8] https://stackoverflow.com/questions/48965003/re-using-authorization-token-response-in-logic-app