I decided to create a simple one-pager highlighting different settings in Azure API management related to validating JWT Tokens in Oauth2 based flows.
Typical source of confusion can be the developer portal related settings. For the picture I tried to outline which settings are related to developer portal and which validating JWT tokens in the API policies.
- This picture excludes the full details of identity provider and client/API configuration (Another picture and blog post worth of material)
References
Authorize developer accounts by using Azure Active Directory – Azure API Management | Microsoft Docs
SecureCloudBlog 
0 comments on “Azure API Management – What’s what in OAuth2 related settings?”