I've had a few requests for APIm to provide an OIDC OAuth reverse proxy similar to App Service Authentication.
The main reason is that some people cannot allow unauthenticated traffic to hit their backend APIs.
This set of policies provides the necessary endpoints / session management required for these flows.
NB: I'm not a security expert. I've done my best to follow the secure principles involved in OIDC, but it would be awesome if anyone with a security lens could review and give feedback.