I’m experimenting with Angular and APIM. I note that my access token is sent in my API request, but I’m getting a 401 error. My access token doesn’t seem to be a 3-part JWT. It is the one returned by the Auth0 token call, and it seems to be base64 encoded, but there are more dots in there than I expected, and some are adjacent or double dots, like there’s a segment missing.
I read that it’s normal to pass the access token to an API over the ID token and that an access token does not have to be a JWT.
I’m at a loss to know how to configure the Validate JWT policy in APIM, especially if it’s expecting a regular JWT.
Can someone confirm that for APIM to validate an access token it must call an Auth0 endpoint to do so, and if so, why?
As I said this is just a dev issue ATM but I can’t go forward unless I can validate the token. I’m kind of stuck.
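
An added example, not part of the original post: a Node.js check of the token shape described above (dot count, adjacent dots). Per RFC 7515 and RFC 7516, a signed JWT (JWS) has three dot-separated segments and an encrypted one (JWE) has five, with an empty second segment when the key-management algorithm is `dir`. The function names and sample tokens are constructed for illustration.

```javascript
// Added example: classify a bearer token by its compact-serialization shape.
// It only inspects structure; it does not verify signatures or decrypt anything.
function b64urlDecode(seg) {
  // base64url -> base64; Node's decoder tolerates missing padding
  return Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

function classifyToken(token) {
  const parts = token.split('.');
  const emptySegments = parts.map((p, i) => (p === '' ? i : -1)).filter((i) => i >= 0);
  let header = null;
  try {
    header = JSON.parse(b64urlDecode(parts[0]));
  } catch (e) {
    header = null; // first segment is not JSON: not a JOSE object
  }
  const base = { segments: parts.length, emptySegments, alg: null, enc: null };
  if (header === null || typeof header !== 'object') {
    return { kind: 'opaque', ...base };
  }
  base.alg = header.alg || null;
  base.enc = header.enc || null;
  if (parts.length === 3 && base.alg) {
    // JWS: header.payload.signature, checkable locally against the issuer's keys
    return { kind: 'jws', ...base };
  }
  if (parts.length === 5 && base.enc) {
    // JWE: header.encryptedKey.iv.ciphertext.tag; a signature-validation
    // policy has no readable claims or signature to check here
    return { kind: 'jwe', ...base };
  }
  return { kind: 'opaque', ...base };
}

// Constructed sample tokens (not real credentials).
const b64url = (v) =>
  Buffer.from(typeof v === 'string' ? v : JSON.stringify(v))
    .toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleJws = [b64url({ alg: 'RS256', typ: 'JWT' }), b64url({ sub: 'constructed' }), b64url('sig')].join('.');
// alg "dir" leaves the encrypted-key segment empty, which shows up as ".."
const sampleJwe = [b64url({ alg: 'dir', enc: 'A256GCM' }), '', b64url('iv'), b64url('ciphertext'), b64url('tag')].join('.');

console.log(classifyToken(sampleJws));
console.log(classifyToken(sampleJwe));
console.log(classifyToken('abc123'));
```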