How can we improve Azure API Management?

validate-jwt openid-config url attribute should support expressions

I see this was declined a year ago but the alternative is not a good solution. ref: https://feedback.azure.com/forums/248703-api-management/suggestions/31936303-support-expressions-in-openid-config-url-of-valida

Say I have 2 API developer accounts and for each one I have a document in Cosmos DB with extra data about each developer. In here I have an open ID configuration URL so that these developers can use their own authentication tokens to connect to my API. As a first step in all policies, after I have retrieved the developer data, I use the validate-jwt policy passing in the url. Ideal scenario. Doesn't work.

Now looking at the alternative:
I duplicate the validate-jwt policy using a choose policy to select the right one based on which developer account is using the API. The open ID configuration URLs are hard coded in these validate-jwt policies. This is pretty ugly.

Now say I add a developer:
Instead of simply setting them up in Cosmos DB, I need to add another validate-jwt policy and hard code their open ID configuration url. And if I add another? And another? It's not what you'd refer to as scalable; the policy code will blow out massively. Not to mention that we'd need to "deploy" new code every time we add one.

Now say a developer wants to change their url:
Instead of just updating the document in Cosmos DB, we need to modify the source code of the API and deploy, which seems crazy. (OK, for this one I could use a property for each developer so that I only need to change the property value, but that then makes the properties list unmanageable.)

Now say I want to automate this process:
I could create a simple interface for developers to sign up and enter all their own data that I will store in Cosmos DB. But they'll need to wait for me to go and modify the API source to add that extra validate-jwt policy with a hard coded url and deploy the new API.

I hope you can see that this is a worthwhile improvement and perhaps is more achievable than a year ago.

13 votes
Darren shared this idea
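For readers unfamiliar with the policy shape the post is describing, the following is an added example (not code from the original post or from Microsoft's documentation) of the "alternative" it calls ugly: one validate-jwt block per developer, selected with a choose policy. The developer ids, hostnames, audience, issuer values and the named value `dev-b-openid-url` are all assumptions; the point is that the `url` attribute of `openid-config` has to be a literal (or a named value substituted as text before the policy runs), so every developer costs a new branch and a redeploy, whereas the per-developer data the post keeps in Cosmos DB cannot be used there.

```xml
<!-- Added example, not part of the original feedback post.
     Developer ids, hostnames, audience/issuer values and the named value
     name are assumptions chosen for illustration. -->
<policies>
  <inbound>
    <base />
    <choose>
      <!-- Developer A: branch selected by the APIM user id of the caller
           (assumed id "dev-a"). The openid-config url is a literal because
           the attribute does not accept a policy expression. -->
      <when condition="@(context.User.Id == &quot;dev-a&quot;)">
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
          <openid-config url="https://idp-a.example.com/.well-known/openid-configuration" />
          <!-- Pin the token to this API and this issuer; without these a
               validly signed token minted for any other audience would pass. -->
          <audiences>
            <audience>api://my-api</audience>
          </audiences>
          <issuers>
            <issuer>https://idp-a.example.com/</issuer>
          </issuers>
        </validate-jwt>
      </when>
      <!-- Developer B: the same block again with a different url. Here the url
           comes from a named value ({{dev-b-openid-url}}); named values are
           substituted as text before the policy executes, which is why they
           work where an @(...) expression does not, at the cost of one named
           value per developer (the post's "properties list" alternative). -->
      <when condition="@(context.User.Id == &quot;dev-b&quot;)">
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
          <openid-config url="{{dev-b-openid-url}}" />
          <audiences>
            <audience>api://my-api</audience>
          </audiences>
          <issuers>
            <issuer>https://idp-b.example.com/</issuer>
          </issuers>
        </validate-jwt>
      </when>
      <!-- Fail closed: a caller that matches no branch must be rejected here,
           otherwise the request would reach the backend with no token
           validation at all. -->
      <otherwise>
        <return-response>
          <set-status code="401" reason="Unauthorized" />
        </return-response>
      </otherwise>
    </choose>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

Adding a third developer means copying a whole `<when>` block with its own literal (or named-value) url and redeploying the policy, which is the scaling problem the post is raising. Whatever branch structure is used, the `<otherwise>` should reject rather than fall through: a `choose` that silently skips validate-jwt for an unrecognised caller is an authentication bypass, not a configuration gap.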

0 comments

