Upstream Azure AD Service Auth Policy
This policy adds a Authorization
header to the upstream request that allows using Azure AD to authenticate requests to your origin server. This is a useful means of securing your origin server so that only your Zuplo gateway can make requests against it.
Using this policy allows you to delegate authentication and authorization to your gateway without writing any code on your origin service. For instructions on how to configure Azure AD authentication see Azure's documentation.
Configuration
{
"name": "my-upstream-azure-ad-service-auth-inbound-policy",
"policyType": "upstream-azure-ad-service-auth-inbound",
"handler": {
"export": "UpstreamAzureAdServiceAuthInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"activeDirectoryTenantId": "$env(AZURE_AD_TENANT_ID)",
"activeDirectoryClientId": "$env(AZURE_AD_CLIENT_ID)",
"activeDirectoryClientSecret": "$env(AZURE_AD_CLIENT_SECRET)"
}
}
}
Read more about how policies work