Configuration for Azure

Ensure that JWT authentication is properly configured by setting the following parameters:

Navigation:

1. From Azure console, navigate to Function App and select protect function app.
2. Navigate to Settings > Environment variables

Configuration Parameters to add / update:

1. Set OPENID_ENABLED to false.

2. Set authorization to jwt:

   • This specifies that JWT authentication will be used to secure the API.

3. Set jwt_verify to 1:

   • Enables verification of the JWT token during API requests.

4. Set jwt_secret_base64 to the Public Key (PEM Base64 Encoded):

   • Use the jwt_signing_key public key obtained from Retrieve JWT Public Signing Key .

5. Set jwt_user_claim to upn or email:

   • Choose the claim used to identify the user. Typically, User Principal Name (upn) or email is selected based on your organization’s Entra ID configuration.

Obtain the Gateway URL:

After deploying the Cloud API using ARM, retrieve the API endpoint URL for the service:

From Azure Management console,

1. Navigate to the deployed API Management gateway.
2. Under APIs, select the Cloud API.
3. Locate the Gateway URL (base URL) for the API.
4. Append the operation path /v1/unprotect to the gateway URL.
5. Record the complete endpoint URL for use in the Browser Protector configuration and also pass code query parameter.
   • protector_endpoint_url: <>

example: https://{apim-name}.azure-api.net/api/v1/unprotect?code={appKey}