Forward incoming JWT token to backend service
In the scenario where your backend service uses UseWindowsAzureActiveDirectoryBearerAuthentication, it would be interesting to be able to:
- use Preauthentication: Azure AD
- internal auth: none (or should have a passthrough)
so that the incoming JWT token could be forwarded as is to the backend. For the time being, it removes the Authorization HTTP header.
This capability is now available for web apps that can handle redirects and have cookies enabled. The token will be cached and forwarded to the backend application. We recommend keeping pre-authentication enabled and the single sign-on setting turned off.
Joosua_ Santasalo commented
I've explored a few scenarios regarding this feature request in my blog. Bottom line: if you're using XHR/Fetch in web clients, this works. If you're outside of a web view in a native client, then the authorization header is stripped: https://securecloud.blog/2019/12/21/azure-ad-app-proxyforward-incoming-jwt-token-to-backend-service-what-are-my-choices/
Jasmine, you say it's available, but I have pre-authentication set to Azure Active Directory and single sign-on disabled, and there are no tokens, bearer or authorisation headers sent. How do we enable this functionality?
Hi Jasmine, I am still not able to get the bearer token with the authorization header in the request even though I have set pre-authentication enabled (Azure Active Directory) and single sign-on disabled. Please help if anything is missing.
Currently, from what I have seen, the Azure AD app proxy only translates/passes through the HTML protocol, and for any API protocol endpoint, it strips out part of the Bearer header.
I vote to have Microsoft fix this issue ASAP!
We're having the same problem - the Bearer header with the JWT is getting stripped from an inbound request. Could you please provide us with information on whether this issue has been fixed?
Andrew G commented
We have hit the same issue with JWT being stripped by AADAP on the inbound to our internal target with internal auth set to none. Has there been any progress on this issue?
James Estes commented
Any update on this?
Stephane Eyskens commented
Great, thanks for your feedback