Which policy values should you use?

Posted by: Pdfprep Category: AZ-204 Tags: , ,

HOTSPOT

You need to configure API Management for authentication.

Which policy values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Box 1: Validate JWT

The validate-jwt policy enforces existence and validity of a JWT extracted from either a

specified HTTP Header or a specified query parameter.

Scenario: User authentication (see step 5 below)

The following steps detail the user authentication process:

✑ The user selects Sign in in the website.

✑ The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.

✑ The user signs in.

✑ Azure AD redirects the user’s session back to the web application. The URL includes an access token.

✑ The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.

✑ The back-end API validates the access token.

Box 2: Outbound

Leave a Reply

Your email address will not be published.