@@ -12,11 +12,20 @@ export interface ApiManagementConfig {
12
12
backends ?: BackendContract [ ] ;
13
13
/** The API's CORS policy */
14
14
cors ?: ApiCorsPolicy ;
15
+ /** The API's JWT validation policy */
16
+ jwtValidate ?: ApiJwtValidatePolicy ;
17
+ /** The API's IP Filter policy */
18
+ ipFilter ?: ApiIpFilterPolicy ;
19
+ /** The pricing SKU for the APIM instance */
15
20
sku ?: {
21
+ /** The SKU name, (consumption | developer | basic | standard | premium) */
16
22
name ?: string ;
23
+ /** The max number of reserved nodes for the specified SKU */
17
24
capacity ?: number ;
18
25
} ;
26
+ /** The publisher e-mail associated with the APIM instance */
19
27
publisherEmail ?: string ;
28
+ /** The publisher name associated with the APIM instance */
20
29
publisherName ?: string ;
21
30
}
22
31
@@ -35,3 +44,73 @@ export interface ApiCorsPolicy {
35
44
/** A list of headers exposed during OPTION preflight requests */
36
45
exposeHeaders : string [ ] ;
37
46
}
47
+
48
+ /**
49
+ * Defines an APIM JWT validation policy
50
+ * See https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT for more information
51
+ */
52
+ export interface ApiJwtValidatePolicy {
53
+ /** The name of the query string parameter that contains the JWT token */
54
+ queryParamName ?: string ;
55
+ /** The name of the HTTP header that contains the JWT token */
56
+ headerName ?: string ;
57
+ /** An explicit JWT token value to validate */
58
+ tokenValue ?: string ;
59
+ /** The authorization scheme to acceept (ex. bearer) */
60
+ scheme ?: string ;
61
+ /** The HTTP status code to return for a failed response */
62
+ failedStatusCode ?: number ;
63
+ /** The error message to return for a failed response */
64
+ failedErrorMessage ?: string ;
65
+ /** Whether or not an expiration claim is required in the token */
66
+ requireExpirationTime ?: boolean ;
67
+ /** Whether or not tokens must be signed */
68
+ requireSignedTokens ?: boolean ;
69
+ /** Number of seconds to skew the clock */
70
+ clockSkew ?: number ;
71
+ /** String. Name of context variable that will receive token value as an object of type Jwt upon successful token validation */
72
+ outputTokenVariableName ?: string ;
73
+ /** Specifies the OpenID configuration used to validate the JWT token */
74
+ openId ?: {
75
+ /** Link to the OpenID metadata url */
76
+ metadataUrl : string ;
77
+ } ;
78
+ /** List of valid Base64 encoded signing keys */
79
+ signingKeys ?: string [ ] ;
80
+ /** List of valie Base64 encoded decryption keys */
81
+ decryptionKeys ?: string [ ] ;
82
+ /** List of valid audiences for the token */
83
+ audiences ?: string [ ] ;
84
+ /** List of valid issuers for the token */
85
+ issuers ?: string [ ] ;
86
+ /** List of claims that must exist within the token */
87
+ requiredClaims ?: ApiJwtClaim [ ] ;
88
+ }
89
+
90
+ /**
91
+ * A JWT validation claim
92
+ */
93
+ export interface ApiJwtClaim {
94
+ /** The name of the claim to validate */
95
+ name : string ;
96
+ /** Whether the claim value must contain all or any value */
97
+ match : "all" | "any" ;
98
+ /** The seperator used to parse multi-valued claims */
99
+ separator ?: string ;
100
+ /** The values to match against */
101
+ values ?: string [ ] ;
102
+ }
103
+
104
+ /**
105
+ * A IP Filter validation policy
106
+ */
107
+ export interface ApiIpFilterPolicy {
108
+ /** Whether the policy should allow or forbid the address specification */
109
+ action : "allow" | "forbid" ;
110
+ addresses ?: string [ ] ;
111
+ /** The range of IP addresses to apply to the policy */
112
+ addressRange ?: {
113
+ from : string ;
114
+ to : string ;
115
+ } ;
116
+ }
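Review bot: In `ApiJwtValidatePolicy` (new lines 52-88), `requireSignedTokens` and `requireExpirationTime` are optional, and their doc comments do not say what an omitted or `false` value means, which is the difference between a verified token and an unverified one. I would extend the comments, e.g. `/** Whether tokens must be signed; false accepts unsigned tokens */`, and state the default the generated policy applies; the code that builds the policy is not in this diff, so that default cannot be confirmed from here. Both key sources (`openId`, `signingKeys`) are also optional, so a policy with no way to verify a signature type-checks; either the consumer of this interface should reject that, or the interface comment should say at least one is required. `signingKeys` and `decryptionKeys` carry key material that is secret when the keys are symmetric, so their comments should say the values are expected to come from a secret store or environment reference rather than literals in the config file. Minor: `addresses` in `ApiIpFilterPolicy` has no doc comment, and `acceept`, `valie` and `seperator` are misspelled.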