Verifying token in Azure API Management (APIM)

I’m experimenting with Angular and APIM. I note that my access token is sent in my API request, but I’m getting a 401 error. My access token doesn’t seem to be a 3-Part JWT. It is the one returned by the Auth0 token call, and it seems to be base64 encoded just there are more dots in there than I expected and some are adjacent or double dots like there’s a segment missing.

I read that it’s normal to pass the access token to an API over the I’d token and that an access token does not have to be a JWT.

I’m at a loss to know how to configure the Validate JWT policy in APIM especially if it’s expecting a regular JWT.

Can someone confirm that for APIM to validate an access token it must call an Auth0 endpoint to do so and if so why?

As I said this is just a dev issue ATM but I can’t go forward unless I can validate the token. I’m kind of stuck.

Hi @ian.taite,

Welcome to the Auth0 Community!

You need to request a JWT. Take a look at this FAQ:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.