articles/api-management/validate-azure-ad-token-policy.md
Lines changed: 4 additions & 1 deletion
@@ -6,7 +6,7 @@ author: dlepow
6
6
7
7
ms.service: azure-api-management
8
8
ms.topic: reference
9
-
ms.date: 01/29/2025
9
+
ms.date: 06/17/2025
10
10
ms.author: danlep
11
11
---
12
12
@@ -30,6 +30,7 @@ The `validate-azure-ad-token` policy enforces the existence and validity of a JS
30
30
header-name="name of HTTP header containing the token (alternatively, use query-parameter-name or token-value attribute to specify token)"
31
31
query-parameter-name="name of query parameter used to pass the token (alternative, use header-name or token-value attribute to specify token)"
32
32
token-value="expression returning the token as a string (alternatively, use header-name or query-parameter attribute to specify token)"
33
+
authentication-endpoint="Microsoft Entra ID environment endpoint, prefix https:// is optional"
33
34
failed-validation-httpcode="HTTP status code to return on failure"
34
35
failed-validation-error-message="error message to return on failure"
35
36
output-token-variable-name="name of a variable to receive a JWT object representing successfully validated token">
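Review bot: The placeholder text on the added `authentication-endpoint` line says only that the `https://` prefix is optional. It should also say which endpoint is used when the attribute is omitted and whether a value with an explicit `http://` scheme is rejected, because this attribute selects the Microsoft Entra ID environment the policy relies on. A parenthetical in the style of the neighbouring attributes would be enough, and the wording should match the table row added further down.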
@@ -66,6 +67,8 @@ The `validate-azure-ad-token` policy enforces the existence and validity of a JS
66
67
| header-name | The name of the HTTP header holding the token. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. |`Authorization`|
67
68
| query-parameter-name | The name of the query parameter holding the token. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | N/A |
68
69
| token-value | Expression returning a string containing the token. You must not return `Bearer` as part of the token value. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | N/A |
70
+
| authentication endpoint | Microsoft Entra ID environment endpoint. Prefix `https://` is optional. Example: `https://login.microsoftonline.us` for Microsoft Azure Government environment. | No |`https://login-microosftonline.com`|
71
+
69
72
| failed-validation-httpcode | HTTP status code to return if the JWT doesn't pass validation. Policy expressions are allowed. | No | 401 |
70
73
| failed-validation-error-message | Error message to return in the HTTP response body if the JWT doesn't pass validation. This message must have any special characters properly escaped. Policy expressions are allowed. | No | Default error message depends on validation issue, for example "JWT not present." |
71
74
| output-token-variable-name | String. Name of context variable that will receive token value as an object of type [`Jwt`](api-management-policy-expressions.md) upon successful token validation. Policy expressions aren't allowed. | No | N/A |
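Review bot: The default value in the added row is misspelled: `https://login-microosftonline.com` should be `https://login.microsoftonline.com`, matching the form of the `https://login.microsoftonline.us` example in the same row. A reader who copies the default into a policy would point token validation at a hostname that is not the Entra ID endpoint. In the same row, the attribute name is written `authentication endpoint` while the syntax block uses `authentication-endpoint`, and the row does not state whether policy expressions are allowed, as the neighbouring rows do. The blank line added after the row also splits the Markdown table, so the `failed-validation-httpcode`, `failed-validation-error-message` and `output-token-variable-name` rows will render outside it; please drop that line.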