I have an Azure API Management instance with a Flask service attached to it; the service exposes a GET API that returns some JSON. I now receive a bearer token in the API call and validate that token (in the API's inbound request) against a secret in my Key Vault. Up to that point everything works fine, but I am not getting the JSON response.
<policies>
    <inbound>
        <base />
        <!-- Extract the Bearer token from the Authorization header -->
        <set-variable name="Bearer Token" value="@(context.Request.Headers.GetValueOrDefault("Authorization", "").Substring(7))" />
        <!-- Retrieve the secret from Key Vault -->
        <set-variable name="KeyVaultSecret" value="{{secret}}" />
        <!-- Check if both the Bearer token and the Key Vault secret are strings and have the same length -->
        <choose>
            <when condition="@(context.Variables["Bearer Token"] is string && context.Variables["KeyVaultSecret"] is string && ((string)context.Variables["Bearer Token"]).Length == ((string)context.Variables["KeyVaultSecret"]).Length)">
                <!-- Compare the Bearer token with the Key Vault secret -->
                <choose>
                    <!-- <when condition="@(context.Variables["Bearer Token"] == context.Variables["KeyVaultSecret"])">
                        <return-response>
                            <set-status code="200" reason="OK" />
                            <set-body>Bearer token matches the secret.</set-body>
                        </return-response>
                    </when> -->
                    <when condition="@($"{context.Variables["Bearer Token"]}" == $"{context.Variables["KeyVaultSecret"]}")">
                        <return-response>
                            <set-status code="200" reason="OK" />
                            <set-body>Bearer token matches the Key vault Secret.</set-body>
                        </return-response>
                    </when>
                    <otherwise>
                        <return-response>
                            <set-status code="401" reason="Unauthorized" />
                            <set-body>@($"Bearer token does not match the secret. Bearer Token: {context.Variables["Bearer Token"]}, Key Vault Secret: {context.Variables["KeyVaultSecret"]}")</set-body>
                        </return-response>
                    </otherwise>
                </choose>
            </when>
            <otherwise>
                <return-response>
                    <set-status code="400" reason="Bad Request" />
                    <set-body>@($"Bearer token does not match the secret. Bearer Token: {context.Variables["Bearer Token"]}, Key Vault Secret: {context.Variables["KeyVaultSecret"]}")</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
This is my inbound policy. I do get "Bearer token matches the Key Vault Secret", but not the JSON associated with this API.
You are not getting the expected JSON response from the backend because your policy returns a custom response after token validation instead of forwarding the request to the backend. Modify your policy as shown below.
<policies>
    <inbound>
        <base />
        <set-variable name="BearerToken" value="@(context.Request.Headers.GetValueOrDefault("Authorization", "").Substring(7))" />
        <set-variable name="KeyVaultSecret" value="{{secret}}" />
        <choose>
            <when condition="@(context.Variables["BearerToken"] is string && context.Variables["KeyVaultSecret"] is string && ((string)context.Variables["BearerToken"]).Length == ((string)context.Variables["KeyVaultSecret"]).Length)">
                <!-- Compare the Bearer token with the Key Vault secret -->
                <choose>
                    <when condition="@($"{context.Variables["BearerToken"]}" == $"{context.Variables["KeyVaultSecret"]}")">
                        <!-- Token matches, allow request to proceed -->
                    </when>
                    <otherwise>
                        <return-response>
                            <set-status code="401" reason="Unauthorized" />
                            <set-body>Bearer token does not match the secret.</set-body>
                        </return-response>
                    </otherwise>
                </choose>
            </when>
            <otherwise>
                <return-response>
                    <set-status code="400" reason="Bad Request" />
                    <set-body>Invalid Bearer token or secret format.</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
There is no need to use <return-response> after the token has been validated.
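The following is an added example, not code from the question or the answer above. It models the APIM request pipeline (inbound, then backend) in plain Python so the difference between the two policies is visible: the asker's inbound policy answers the call itself when the token matches, so the Flask backend is never reached, while the answer's version only produces a response on failure and lets a matching request through. Two hardening points the page's XML does not show are included as well: the comparison uses hmac.compare_digest instead of a length check followed by ==, and the 401/400 bodies never echo the token or the Key Vault secret back to the caller (the asker's debugging bodies do). The secret value, the header dictionaries and the flask_backend payload are constructed stand-ins; in APIM the secret is the {{secret}} named value backed by Key Vault.

```python
"""Added example: a pure-Python model of an APIM inbound policy that checks a
bearer token against a Key Vault secret, contrasting an inbound policy that
short-circuits on success with one that lets the request reach the backend."""
import hmac
import json
from typing import Callable, Dict, Optional

# Constructed sample secret; stands in for the {{secret}} named value.
KEY_VAULT_SECRET = "s3cr3t-value-from-key-vault"

Headers = Dict[str, str]
Response = Dict[str, object]  # {"status": int, "body": str}


def extract_bearer_token(headers: Headers) -> Optional[str]:
    """Counterpart of the policy's Authorization.Substring(7), but it returns
    None instead of raising when the header is missing or not a Bearer scheme
    (Substring(7) on a header shorter than 7 chars throws and lands in on-error)."""
    auth = headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme != "Bearer" or not token:
        return None
    return token


def token_matches(token: str) -> bool:
    """Constant-time comparison; compare_digest also handles unequal lengths,
    so the explicit Length == Length pre-check from the policy is unnecessary."""
    return hmac.compare_digest(token.encode("utf-8"), KEY_VAULT_SECRET.encode("utf-8"))


def inbound_short_circuit(headers: Headers) -> Optional[Response]:
    """Models the asker's policy: a matching token triggers <return-response>,
    so processing stops here and the backend is never called."""
    token = extract_bearer_token(headers)
    if token is None:
        return {"status": 400, "body": "Invalid Bearer token or secret format."}
    if token_matches(token):
        return {"status": 200, "body": "Bearer token matches the Key vault Secret."}
    return {"status": 401, "body": "Bearer token does not match the secret."}


def inbound_pass_through(headers: Headers) -> Optional[Response]:
    """Models the answer's policy: only failures produce a response; on a match
    the policy returns None, which lets the request continue to the backend."""
    token = extract_bearer_token(headers)
    if token is None:
        return {"status": 400, "body": "Invalid Bearer token or secret format."}
    if not token_matches(token):
        # The secret and the presented token are deliberately not copied into the body.
        return {"status": 401, "body": "Bearer token does not match the secret."}
    return None


def flask_backend(headers: Headers) -> Response:
    """Stand-in for the Flask GET endpoint behind APIM (constructed payload)."""
    return {"status": 200, "body": json.dumps({"items": [1, 2, 3]})}


def gateway(inbound: Callable[[Headers], Optional[Response]], headers: Headers) -> Response:
    """inbound -> backend: a non-None inbound result is returned as-is, exactly
    as <return-response> ends policy processing in APIM."""
    early = inbound(headers)
    if early is not None:
        return early
    return flask_backend(headers)


if __name__ == "__main__":
    good = {"Authorization": "Bearer " + KEY_VAULT_SECRET}
    print(gateway(inbound_short_circuit, good))  # text body, backend never reached
    print(gateway(inbound_pass_through, good))   # the backend's JSON
    print(gateway(inbound_pass_through, {"Authorization": "Bearer wrong"}))
    print(gateway(inbound_pass_through, {}))
```

Running the module prints a text body for the short-circuit variant and the backend JSON for the pass-through variant with the same valid header; the wrong-token and missing-header cases return 401 and 400 without revealing the secret. The same shape applies to the XML: the success branch of the inner choose should be empty so the request falls through to the backend section.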