HOTSPOT
You need to configure API Management for authentication.
Which policy values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Validate JWT
The validate-jwt policy enforces existence and validity of a JWT extracted from either a
specified HTTP Header or a specified query parameter.
Scenario: User authentication (see step 5 below)
The following steps detail the user authentication process:
✑ The user selects Sign in in the website.
✑ The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
✑ The user signs in.
✑ Azure AD redirects the user’s session back to the web application. The URL includes an access token.
✑ The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.
✑ The back-end API validates the access token.
Box 2: Outbound
Leave a Reply