azure spring-boot azure-api-management azure-api-apps

I'm trying to explore Azure API Management with OAuth2 protection; I'm not able to understand its workflow


I'm having a problem understanding Azure API Management with OAuth2 protection. I have referred to this tutorial, I have understood what they are trying to say, and I have implemented it. What I'm not able to understand is:

  1. Should I be validating the token in my Spring Boot application or not?
  2. How to use my Postman instead of the developer portal (as I'm getting a "reply URL didn't match" error when I try to log in by changing the dropdown value of OAuth2). Please, if you guys have front-end and back-end code in Spring Boot, please suggest it so I can understand it from beginning to end. Thanks.

Solution

  • How to use my Postman instead of the developer portal

    If you want to call an API Management API protected by Azure AD, please refer to the following steps:

    1. Get an Azure AD token

    2. Call the API

    Method:
    Url:
    header:
     Ocp-Apim-Trace: true
     Ocp-Apim-Subscription-Key: <>
     Authorization: Bearer <token>
    

  • Should I be validating the token in my Spring Boot application or not?

    According to the document you provided, you have defined a validate-jwt policy in your API Management. The policy will validate the JWT token when you call the API with the AD token. So you do not need to validate the token in your Spring Boot application. Regarding how to implement AD in Spring Boot, please refer to the sample.
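
The two steps in the answer, as an added example that is not part of the original answer: it prepares the Azure AD token request, inspects the token's `aud` and `exp` claims locally, and builds the headers listed above. It assumes the client-credentials grant and a validate-jwt policy that requires a specific `aud`; the tenant, client, scope and key values are placeholders, and the sample token is constructed.

```python
import base64
import json
import time
import urllib.parse


def token_request(tenant, client_id, client_secret, scope):
    """Return (url, form_body) for an Azure AD client-credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",  # assumption: no interactive user login
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })
    return url, body


def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def apim_headers(token, subscription_key, expected_aud, now=None):
    """Pre-check aud/exp locally, then build the headers listed in the answer."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if aud != expected_aud:
        raise ValueError(f"aud {aud!r} does not match {expected_aud!r}")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return {
        "Ocp-Apim-Trace": "true",
        "Ocp-Apim-Subscription-Key": subscription_key,
        "Authorization": f"Bearer {token}",
    }


def sample_token(claims):
    """Constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"
```

The local claim check is only a debugging aid for 401 responses; the validate-jwt policy in API Management remains the enforcement point.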