Upstream Azure AD Service Auth
This policy adds a Authorization header to the upstream request that allows using Azure AD to authenticate requests to your origin server. This is a useful means of securing your origin server so that only your Zuplo gateway can make requests against it.
Using this policy allows you to delegate authentication and authorization to your gateway without writing any code on your origin service. For instructions on how to configure Azure AD authentication see Configure your App Service or Azure Functions app to use Azure AD login.
Configuration#
{
"name": "my-upstream-azure-ad-service-auth-inbound-policy",
"policyType": "upstream-azure-ad-service-auth-inbound",
"handler": {
"export": "UpstreamAzureAdServiceAuthInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"activeDirectoryClientId": "20edbb34-13e9-42d0-a63c-1b6a0a20d02d",
"activeDirectoryClientSecret": "$env(ACTIVE_DIRECTORY_CLIENT_SECRET)",
"activeDirectoryTenantId": "b8e4141e-31f4-43e3-9a96-f97f3eba1eea",
"expirationOffsetSeconds": 300,
"tokenRetries": 3
}
}
}Options#
namethe name of your policy instance. This is used as a reference in your routes.policyTypethe identifier of the policy. This is used by the Zuplo UI. Value should beupstream-azure-ad-service-auth-inbound.handler/exportThe name of the exported type. Value should beUpstreamAzureAdServiceAuthInboundPolicy.handler/modulethe module containing the policy. Value should be$import(@zuplo/runtime).handler/optionsThe options for this policy:activeDirectoryTenantIdAzure Active Directory Tenant ID.
activeDirectoryClientIdThe Application (client) ID of the Azure AD App Registration.
activeDirectoryClientSecretThe client secret of the Azure AD App Registration.
tokenRetriesThe number of times to retry fetching the token in the event of a failure..
expirationOffsetSecondsThe number of seconds less than the token expiration to cache the token.