Commit e48240d

Merge pull request #262654 from tomkerkhove/patch-20
fix(apim): require-scheme only works with Authorization header
2 parents c5cb675 + 99a98fe commit e48240d

1 file changed

+1
-1
lines changed

articles/api-management/validate-jwt-policy.md

Lines changed: 1 addition & 1 deletion
@@ -121,7 +121,7 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
121121
* The policy supports tokens encrypted with symmetric keys using the following encryption algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512.
122122
* To configure the policy with one or more OpenID configuration endpoints for use with a self-hosted gateway, the OpenID configuration endpoints URLs must also be reachable by the cloud gateway.
123123
* You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-jwt` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
124-
124+
* When using a custom header (`header-name`), the configured required scheme (`require-scheme`) will be ignored. To use a required scheme, JWT tokens must be provided in the `Authorization` header.
125125

126126
## Examples
127127
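
Review bot: the added bullet on new line 124 states that `require-scheme` is ignored when `header-name` is set, but it lives only in this usage-notes list, so a reader who configures both attributes from their attribute descriptions alone could still assume the scheme is enforced. Consider repeating the restriction beside the `require-scheme` attribute description if it is not already stated there. Two wording points on the same line: "JWT tokens" is redundant, so "JWTs" or "tokens" reads better, and "will be ignored" can be the present tense "is ignored" to match the neighbouring bullets ("The policy supports ...").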
