我正在尝试在Azure门户中为JWT设置策略,并且我搜索并粘贴了几乎所有可用的网络解决方案,但似乎没有一个有效。这是我已设置的政策:-
<policies>
<inbound>
<validate-jwt header-name="Authorization" require-scheme="Bearer">
<issuer-signing-keys>
<key>X3IwT3A3bkVfZn40aHkueTBuX2lWd0J6OWNsMjI2Uk9WZw==</key>
</issuer-signing-keys>
<decryption-keys>
<key>X3IwT3A3bkVfZn40aHkueTBuX2lWd0J6OWNsMjI2Uk9WZw==</key>
</decryption-keys>
<audiences>
<audience>api://53cd59c4-53e7-46e6-890b-1dcac2cb2423</audience>
</audiences>
<issuers>
<issuer>https://sts.windows.net/5181d074-dbc6-49e9-9ada-051bc62d5e3e/</issuer>
</issuers>
<required-claims>
<claim name="scope" match="any" separator=" ">
<value>Files.Read</value>
</claim>
</required-claims>
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
请求
GET https://insyncapim.azure-api.net/api/Product/api/Product HTTP/1.1
Host: insyncapim.azure-api.net
Authorization: Bearer {my JWT token}
Ocp-Apim-Subscription-Key: ••••••••••••••••••••••••••••••••
Ocp-Apim-Trace: true
响应:
content-length: 85
content-type: application/json
date: Thu, 12 Nov 2020 09:13:53 GMT
ocp-apim-trace-location: https://apimstu4tludl9hfaq8f2v6o.blob.core.windows.net/apiinspectorcontainer/wEGj7uZ8ebXmIo1P1hgGvw2-16?sv=2018-03-28&sr=b&sig=sQ98cMJe58d6bJcmZ%2BRqGHtn6jk6S13p7ORbFlWkIwI%3D&se=2020-11-13T09%3A13%3A53Z&sp=r&traceId=3f4870770f544ed28962360a04112ef8
vary: Origin
{
"statusCode": 401,
"message": "Unauthorized. Access token is missing or invalid."
}
跟踪:
api-inspector
{
"request": {
"method": "GET",
"url": "https://insyncapim.azure-api.net/api/Product/api/Product",
"headers": [
{
"name": "Ocp-Apim-Subscription-Key",
"value": {My subscription key}
},
{
"name": "Sec-Fetch-Site",
"value": "cross-site"
},
{
"name": "Sec-Fetch-Mode",
"value": "cors"
},
{
"name": "Sec-Fetch-Dest",
"value": "empty"
},
{
"name": "X-Forwarded-For",
"value": "182.75.240.158"
},
{
"name": "Cache-Control",
"value": "no-cache, no-store"
},
{
"name": "Content-Type",
"value": "text/plain;charset=UTF-8"
},
{
"name": "Accept",
"value": "*/*"
},
{
"name": "Accept-Encoding",
"value": "gzip,deflate,br"
},
{
"name": "Accept-Language",
"value": "en-US,en;q=0.9"
},
{
"name": "Authorization",
"value": "Bearer {my JWT token}
},
{
"name": "Host",
"value": "insyncapim.azure-api.net"
},
{
"name": "Referer",
"value": "https://apimanagement.hosting.portal.azure.net/"
}
]
}
}
api-inspector
{
"configuration": {
"api": {
"from": "/api/Product",
"to": null,
"version": null,
"revision": "1"
},
"operation": {
"method": "GET",
"uriTemplate": "/api/Product"
},
"user": "-",
"product": "-"
}
}
我正在尝试使用邮递员生成访问令牌,正在生成访问令牌。但是无论何时,我尝试使用访问令牌请求API时,结果始终为401:未经授权。 我是第一次尝试,请帮帮我。