Skip to content

Azure/api-management-policy-snippets

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

@graemefoster
graemefoster Policies and readme for a full front-channel OIDC flow (#113)
f647c32 Oct 13, 2023
Policies and readme for a full front-channel OIDC flow (#113) 
* Policies and readme for a full front-channel OIDC flow similar to App Service Authentication

* Replaced apim with Azure API Management

* Fixed some hardcoded hosts and replaced with the correct context OriginalUrl host

* Added to main readme

* Added PKCE flow

* Removed aad error from callback

* Added token encryption (using a combo of a named-value, and the unique session key) to the tokens at rest in Redis

* Doco

* Broken out access tokens and cached individually. Added a user-defined expiry on the refresh tokens

* Looks good

* Renames and doco

* Better doco

* Update README.md

* Update readme.md

* Update readme.md

* Added 2 additional headers for name and preferred user-name

* Documented claims

* Fixed a bug which arose with multiple cookies (I didn't handle them correctly). Also ensured the cookies all have timeout / marked as secure / and have explicit samesite policy

* Made the IV a separate secret which is not stored on server-side. Means that admins with access to Redis cannot decrypt the tokens

* UPdated doco to reflect new IV

* Moved to encrypting the cookie now, passing an IV along with it

* Removed optional scope property which was not set correctly

* Wrapped preferred_username in a choose block as it wasn't in an Auth0 token

* Added 2 keys for each encryption key... supports a slicker ops process of rotating keys

* Couple of small bug fixes

* More defensive when removing cache keys in callback. I had an error when trying to remove a non-existant key

* Fixed a bug on an assumption how the Headers dictionary worked

* Allow custom cookie prefix. Also standardising fragment names, and sorting out doco

* Improving documentation

* Better doco

* Better doco

* More doco work

* Removed debug info

* Made cookies secure and httponly

* Add support for x-forwarded-host headers

* More doco

* Added correct redirect into code exchange

* Fixed a bug where sliding the session cookien blatted any cookies coming back from downstream

* Fixed to look for set-cookies. not cookie

* Update oauth-proxy-slide-session-fragment.xml

* Fix fragment name in doco

* Some fixes around the sliding session cookie to stop it overwriting your own cookies

* Check for invalid cookie

* Better error handling if a dodgy cookie is sent in
f647c32

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
examples
Policies and readme for a full front-channel OIDC flow (#113)
October 13, 2023 07:26
media/vscode-snippets
Adding VS Code snippets file
June 19, 2018 15:15
policy-expressions
Fixing the API Management service names at readme and the policy file…
November 11, 2020 08:45
vscode-snippets
add "include-fragment" policy (#90)
July 28, 2022 15:43
LICENSE
Initial commit
April 6, 2017 16:50
README.md
Add policy expressions cheatsheet (#53)
September 14, 2020 15:07
SECURITY.md
Microsoft mandatory file (#91)
July 28, 2022 15:44
Azure API Management Policy Snippets Examples Policy expressions cheat-sheet Visual Studio Code snippets Helpful Links Contributing

README.md

Azure API Management Policy Snippets

Examples

The examples/ folder contains policy examples contributed by the product team and the user community. The samples are meant to be re-used verbatim, provide inspiration or serve as learning aids. Some of them are parameterized using Named Values (formerly known as Properties), which look like this: {{some-value}}. When using parametrized samples, you will have to either define relevant Named Values or replace them with values in place.

Policy expressions cheat-sheet

The policy-expressions folder contains a cheat-sheet with common policy expressions that are often used when authoring Azure API Management policies.

Visual Studio Code snippets

The vscode-snippets/ folder contains user snippets for Visual Studio Code. User snippets are helpful for streamlining workflow and simplifying document editing with autocomplete and easy navigation. Please, refer to the Visual Studio Code documentation on how to use them.

Azure API Management VS Code User Snippet 1

Azure API Management VS Code User Snippet 2

Azure API Management VS Code User Snippet 3

Helpful Links

To learn about Azure API Management go here.

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

About

Re-usable examples of Azure API Management policies

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

274 stars

Watchers

33 watching

Forks

137 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 47

+ 33 contributors