Skip to content

Commit 546f8f8

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #301462 from dlepow/patch-906751
[APIM] Update validate-azure-ad-token-policy.md - authentication-endp…
2 parents 66cc7d8 + 1cb24e4 commit 546f8f8

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

articles/api-management/validate-azure-ad-token-policy.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ author: dlepow
66

77
ms.service: azure-api-management
88
ms.topic: reference
9-
ms.date: 01/29/2025
9+
ms.date: 06/17/2025
1010
ms.author: danlep
1111
---
1212

@@ -30,6 +30,7 @@ The `validate-azure-ad-token` policy enforces the existence and validity of a JS
3030
header-name="name of HTTP header containing the token (alternatively, use query-parameter-name or token-value attribute to specify token)"
3131
query-parameter-name="name of query parameter used to pass the token (alternative, use header-name or token-value attribute to specify token)"
3232
token-value="expression returning the token as a string (alternatively, use header-name or query-parameter attribute to specify token)"
33+
authentication-endpoint="Microsoft Entra environment endpoint"
3334
failed-validation-httpcode="HTTP status code to return on failure"
3435
failed-validation-error-message="error message to return on failure"
3536
output-token-variable-name="name of a variable to receive a JWT object representing successfully validated token">
@@ -66,6 +67,7 @@ The `validate-azure-ad-token` policy enforces the existence and validity of a JS
6667
| header-name | The name of the HTTP header holding the token. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | `Authorization` |
6768
| query-parameter-name | The name of the query parameter holding the token. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | N/A |
6869
| token-value | Expression returning a string containing the token. You must not return `Bearer` as part of the token value. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | N/A |
70+
| authentication-endpoint | Microsoft Entra endpoint used to acquire tokens in environments such as national clouds. Prefix `https://` is optional. Example: `https://login.microsoftonline.us` for Microsoft Entra ID for US Government. | No | `https://login-microsoftonline.com` |
6971
| failed-validation-httpcode | HTTP status code to return if the JWT doesn't pass validation. Policy expressions are allowed. | No | 401 |
7072
| failed-validation-error-message | Error message to return in the HTTP response body if the JWT doesn't pass validation. This message must have any special characters properly escaped. Policy expressions are allowed. | No | Default error message depends on validation issue, for example "JWT not present." |
7173
| output-token-variable-name | String. Name of context variable that will receive token value as an object of type [`Jwt`](api-management-policy-expressions.md) upon successful token validation. Policy expressions aren't allowed. | No | N/A |

0 commit comments

Comments
 (0)