Skip to content

Commit 6c4484c

Browse files
v-dirichardsv-dirichards
authored
Merge pull request #126025 from changeworld/patch-130
Fix typo
2 parents bf90c50 + 8dda430 commit 6c4484c

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/api-management/api-management-sample-send-request.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ There are certain tradeoffs when using a fire-and-forget style of request. If fo
5959
The `send-request` policy enables using an external service to perform complex processing functions and return data to the API management service that can be used for further policy processing.
6060

6161
### Authorizing reference tokens
62-
A major function of API Management is protecting backend resources. If the authorization server used by your API creates [JWT tokens](../active-directory/develop/security-tokens.md#json-web-tokens-and-claims) as part of its OAuth2 flow, as [Microsoft Entra ID](../active-directory/hybrid/whatis-hybrid-identity.md) does, then you can use the `validate-jwt` policy or `validate-azure-ad-token` policy to verify the validity of the token. Some authorization servers create what are called [reference tokens](https://leastprivilege.com/2015/11/25/reference-tokens-and-introspection/) that cannot be verified without making a callback to the authorization server.
62+
A major function of API Management is protecting backend resources. If the authorization server used by your API creates [JWTs](../active-directory/develop/security-tokens.md#json-web-tokens-and-claims) as part of its OAuth2 flow, as [Microsoft Entra ID](../active-directory/hybrid/whatis-hybrid-identity.md) does, then you can use the `validate-jwt` policy or `validate-azure-ad-token` policy to verify the validity of the token. Some authorization servers create what are called [reference tokens](https://leastprivilege.com/2015/11/25/reference-tokens-and-introspection/) that cannot be verified without making a callback to the authorization server.
6363

6464
### Standardized introspection
6565
In the past, there has been no standardized way of verifying a reference token with an authorization server. However a recently proposed standard [RFC 7662](https://tools.ietf.org/html/rfc7662) was published by the IETF that defines how a resource server can verify the validity of a token.

0 commit comments

Comments
 (0)