Skip to content

Commit 71cbb48

Browse files
changeworldchangeworld
committed
Fix typo
JWT token -> JWT
1 parent 80dec49 commit 71cbb48

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

articles/api-management/validate-jwt-policy.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -115,15 +115,15 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
115115

116116
### Usage notes
117117

118-
* The `validate-jwt` policy requires that the `exp` registered claim is included in the JWT token, unless `require-expiration-time` attribute is specified and set to `false`.
118+
* The `validate-jwt` policy requires that the `exp` registered claim is included in the JWT, unless `require-expiration-time` attribute is specified and set to `false`.
119119
* The policy supports both symmetric and asymmetric signing algorithms:
120120
* **Symmetric** - The following encryption algorithms are supported: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512.
121121
* If used in the policy, the key must be provided inline within the policy in the Base64-encoded form.
122122
* **Asymmetric** - The following encryption algorithms are supported: PS256, RS256, RS512, ES256.
123123
* If used in the policy, the key may be provided either via an OpenID configuration endpoint, or by providing the ID of an uploaded certificate (in PFX format) that contains the public key, or the modulus-exponent pair of the public key.
124124
* To configure the policy with one or more OpenID configuration endpoints for use with a self-hosted gateway, the OpenID configuration endpoints URLs must also be reachable by the cloud gateway.
125125
* You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-jwt` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
126-
* When using a custom header (`header-name`), the configured required scheme (`require-scheme`) will be ignored. To use a required scheme, JWT tokens must be provided in the `Authorization` header.
126+
* When using a custom header (`header-name`), the configured required scheme (`require-scheme`) will be ignored. To use a required scheme, JWTs must be provided in the `Authorization` header.
127127

128128
## Examples
129129

0 commit comments

Comments
 (0)