
Role-Based Authentication in Azure API Management Made Easy in Arcus Scripting v0.8

Managing roles during JWT validation was tedious and repetitive work. The newest Arcus Scripting release has changed things for the better.

Validating JSON web tokens in Azure API Management

The validate-jwt policy in Azure API Management enforces the presence of a valid JWT in an incoming HTTP request. One of its validation rules is whether the received token contains certain role claims. This is very useful for allowing or denying certain functionality to users of the application based on their role membership.

An example of such a policy is shown here:
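
A validate-jwt policy that requires a role claim could look like the following. This is an added example, not the policy from the original post: the named values `{{aad-tenant-id}}` and `{{api-app-id-uri}}` and the role names are assumptions made for illustration.

```xml
<!-- Added example; goes in the <inbound> section of an API, operation or product policy. -->
<!-- {{aad-tenant-id}} and {{api-app-id-uri}} are hypothetical APIM named values;
     Orders.Read and Orders.Admin are made-up app roles. -->
<validate-jwt header-name="Authorization"
              require-scheme="Bearer"
              failed-validation-httpcode="401"
              failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <!-- Signing keys and issuer are obtained from the tenant's OpenID Connect metadata. -->
    <openid-config url="https://login.microsoftonline.com/{{aad-tenant-id}}/v2.0/.well-known/openid-configuration" />
    <!-- Pin the audience: app roles are assigned per application, so a roles claim
         is only meaningful in a token that was issued for this API. -->
    <audiences>
        <audience>{{api-app-id-uri}}</audience>
    </audiences>
    <required-claims>
        <!-- match="any": one of the listed roles is enough; match="all" requires every one. -->
        <claim name="roles" match="any">
            <value>Orders.Read</value>
            <value>Orders.Admin</value>
        </claim>
    </required-claims>
</validate-jwt>
```

A caller whose service principal has not been assigned one of the listed roles receives a token without a matching `roles` value, and the policy rejects the request with the configured 401.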

Managing the role assignments of service principals on certain Azure Active Directory applications is rather tedious. One has to look up the role assignments of an Azure Active Directory application to find out if the service principal has the correct access. Moreover, in certain scenarios, one has to wait a couple of seconds before a role assignment is available for use. All this adds to the problem of managing a service principal for validating JWTs in Azure API Management. In a single Arcus Scripting release, we have fully fixed this problem.

List, add and remove role assignments for a service principal

In a new Arcus.Scripting.ActiveDirectory PowerShell module, we have created three functions that let you list, add and remove role assignments to a service principal in Azure Active Directory.

These scripts will make sure that we can easily manage a role on the ‘main’ Azure application registration and assign it to another service principal. For more information on the Arcus.Scripting.ActiveDirectory PowerShell module, see our dedicated documentation.


The Arcus Scripting library is a diverse Arcus project. Rather than providing gigantic changes to specific topics, it offers smaller, practical solutions to sometimes tedious and/or repetitive problems that occur in client projects. This newest Arcus update is a great example of how we fixed the problem, so that developers can manage their Azure API Management authorization with minimal effort.

Have a look at our release notes and official documentation for more information on this new release.

If you have any questions, remarks, comments, or just want to discuss something with us: feel free to contact the Arcus team at Codit.

Thanks for reading!
The Arcus team
