Since the first ping-pong game written in Basic on a computer that I built myself from the components bought on a black market, programming became my passion which continues to this day.
"validate-jwt" policy allows only one Identity Provider, either Oauth or OIDC. So I think only one provider allowed per API.
It makes sense from the APIM point of view, as you usually use it to expose API to one client at a time.
Two way that I can see:
expose different endpoint for every provider
or make Auth dependent on some other header using "when condition" policy
E.g. when header "x-client"=Google use "jwt policy for Google"
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
"validate-jwt" policy allows only one Identity Provider, either Oauth or OIDC. So I think only one provider allowed per API.
It makes sense from the APIM point of view, as you usually use it to expose API to one client at a time.
Two way that I can see: