all Technical posts

Role-Based Authentication in Azure API Management Made Easy in Arcus Scripting v0.8

Managing roles during JWT validation was tedious and repetitive work. The newest Arcus Scripting release has changed things for the better.

Stijn Moreels
16 February 2023

Validating JSON web tokens in Azure API Management

The validate-jwt policy in Azure API Management provides the capability to enforce a valid JWT in an incoming HTTP request. One of these validation rules is whether the received token contains certain role claims. This authorization functionality is very useful when allowing/denying certain functionality to users of the application based on their role membership.

An example of such a policy is shown here:

Management of service principal roles to certain Azure Directory Applications is rather tedious. One has to look up the role assignments of an Azure Active Directory application to find out if the service principal has the correct access. Moreover, in certain scenarios, one has to wait a couple of seconds before a role assignment is available for use. All this adds to the problem of managing a service principal for validating JWTs in Azure API Management. In a single Arcus Scripting release, we have fully fixed this problem.

List, add and remove role assignments for a service principal

In a new Arcus.Scripting.ActiveDirectory PowerShell module, we have created three functions that let you list, add and remove role assignments to a service principal in Azure Active Directory.

These scripts will make sure that we can easily manage a role on the ‘main’ Azure application registration and assign it to another service principal. For more information on the Arcus.Scripting.ActiveDirectory PowerShell module, see our dedicated documentation.

Conclusion

The Arcus Scripting library is a diverse Arcus project. Rather than providing gigantic changes to specific topics, it offers smaller, practical solutions to sometimes tedious and/or repetitive problems that occur in client projects. This newest Arcus update is a great example of how we fixed the problem, so that developers can manage their Azure API Management authorization with minimal effort.

Have a look at our release notes and official documentation for more information on this new release.

If you have any questions, remarks, comments, or just want to discuss something with us: feel free to contact the Arcus team at Codit.

Thanks for reading!
The Arcus team

Subscribe to our RSS feed

Related articles

Finished Azure Integration Account Functionality and Other Cool Features in Arcus Scripting v0.6

Recently, we released Arcus Scripting v0.6. The scripting library was quiet for a while, without any updates, so let's see what's new in this run-down post on any upcoming functionalities

Announcing Arcus Scripting

Solving problems with PowerShell scripts has never been easier. Come and take a look at what this first version of Arcus.Scripting has to offer!

Arcus Security v2.0, the Catalyst Release That Sets the Record Straight

The Arcus Security v2.0 release makes use of the required .NET 8 update in order to make small changes which will have a big impact.

Send blog to my inbox

Invalid email address

Submit

Thanks, we've sent the link to your inbox

Invalid email address

Submit

Your download should start shortly!

Stay in Touch - Subscribe to Our Newsletter

Keep up to date with industry trends, events and the latest customer stories

Invalid email address

Submit

Great you’re on the list!