Inject tenant_id from JWT #94
Closed
Labels: enhancement, security
All requests to the API are receiving a JWT using the Authorization header as follows:
If an incoming request does not include this token, the request should not be processed. The API should not validate this JWT since it is going to be validated in API management; the API only cares whether the header is present or not.
If the token is not present, a 401 response should be returned.
If the token is present, we need to decode it and get the tenant_id from it that is located in the `iss` field:

We need to extract the value before `/v2.0/`, in this case:

This value needs to be used as `tenant_id` to perform all the operations in the API.
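
One way to implement the behaviour requested above, as an added example that is not the project's own code: it rejects a missing or malformed header with a 401-mapped error and returns the tenant from the `iss` claim without verifying the signature. The `Bearer` scheme, the GUID shape of the tenant id, the `login.example.test` issuer host and all function names are assumptions made for illustration.

```python
import base64
import json
import re

# Assumption: the tenant id is a GUID and is the path segment right before /v2.0.
_ISS_TENANT = re.compile(
    r"/([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})/v2\.0/?$"
)


class Unauthorized(Exception):
    """The caller should translate this into an HTTP 401 response."""


def _decode_segment(segment: str):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def tenant_id_from_headers(headers: dict) -> str:
    """Return tenant_id from the JWT iss claim; no signature check is done here."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if not auth:
        raise Unauthorized("missing Authorization header")
    scheme, _, token = auth.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or token.count(".") != 2:  # assumed Bearer scheme
        raise Unauthorized("malformed bearer token")
    try:
        match = _ISS_TENANT.search(_decode_segment(token.split(".")[1])["iss"])
    except (ValueError, KeyError, TypeError):
        raise Unauthorized("token payload is not decodable") from None
    if not match:
        # Strict format check: tenant_id scopes every later operation in the API.
        raise Unauthorized("iss claim has no tenant id before /v2.0/")
    return match.group(1).lower()


def make_sample_token(iss: str) -> str:
    """Build a constructed, unsigned sample token (dummy signature) for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"iss": iss}), "sig"])
```

Because the signature is not checked here, the returned `tenant_id` is only as trustworthy as the guarantee that the API can be reached solely through API management.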