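Azure APIM inbound JWT validation policy works for GET but not for POST

Question  Votes: 0  Answers: 1

I wrote the Azure APIM policy below to validate a JWT token. It works for GET but not for POST. How can I fix this?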

<policies>
    <inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
            <openid-config url="https://login.microsoftonline.com/0000000000000000000/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>00000000000</audience>
            </audiences>
            <issuers>
                <issuer>https://sts.windows.net/0000000000000000/</issuer>
            </issuers>
            <required-claims>
                <claim name="aud">
                    <value>00000000000000000000000</value>
                </claim>
            </required-claims>
        </validate-jwt>
        <set-backend-service base-url="{{BaseURL}}" />
        
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

It should also be able to handle POST requests. But I get a 500 Internal Server Error on POST.

azure azure-api-management
1 Answer
0
votes

I used the same policy with a POST request and got the expected response.

The policy I used -

<policies>
    <inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
            <openid-config url="https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>**********</audience>
            </audiences>
            <issuers>
                <issuer>https://sts.windows.net/{tenant_Id}/</issuer>
            </issuers>
            <required-claims>
                <claim name="aud" match="all">
                    <value>**********</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

Output -

[two screenshots, not preserved]

Trace -

[screenshot, not preserved]

If you still get a 500 Internal Server Error, then I suggest checking which step fails with the help of the trace.
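
One way to make the failing step visible in the trace, as an added example that is not part of the original answer: an `on-error` section that writes `context.LastError` to the request trace instead of returning it to the caller. The trace source name `jwt-post-debug` is a made-up label; the `inbound`, `backend` and `outbound` sections stay as in the policies above.

```xml
<!-- Added example: replaces only the on-error section of the policy. -->
<on-error>
    <base />
    <!-- Record which section and policy raised the error. The details go to
         the request trace, not into the response body, so callers of the API
         do not see internal error text. "jwt-post-debug" is a constructed
         source name. -->
    <trace source="jwt-post-debug" severity="error">
        <message>@($"{context.Request.Method} {context.Request.Url.Path} failed in section '{context.LastError.Section}', source '{context.LastError.Source}', reason '{context.LastError.Reason}': {context.LastError.Message}")</message>
    </trace>
</on-error>
```

A failure raised by `validate-jwt` shows up with that policy as the source, while a failure in `set-backend-service` or in the call to the backend shows up under a different source or section, which separates a token problem from a routing or backend problem on the POST operation.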
