Share via

How to provision an Azure environment that enforces token security on a web application interfaces to JWKS authenticated client requests from known social media personal identity providers (such as google, facebook, linkedin, ..)

Tony Calice 0 Reputation points
2025-08-11T19:03:51.3766667+00:00

I have a working solution on my laptop that I am looking to deploy on Azure. This solution consists of a Web Service project and a Unit Test Project that ensures that Web Service Endpoints conform to technical acceptance criteria.

Please advise what I need to do in order for my resource group "AdventureStickers" to provide a public base url that is token secured with industry standard that permitting/denying api client requests to my Azure hosted Web Service.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. hossein jalilian 11,520 Reputation points Volunteer Moderator
    2025-08-11T19:16:14.0933333+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    To secure the “AdventureStickers” API with tokens from social logins like Google or Facebook, you’d host your web service in Azure, put it behind Azure API Management , and set up OAuth2/OpenID Connect, usually via Azure AD B2C to handle multiple providers. In APIM, you configure JWT validation using the provider’s JWKS endpoint so only valid tokens get through. The APIM gateway URL becomes your secure public API, and you can test it with unit tests or APIM’s built-in tools. This setup keeps security at the APIM layer, using standard protocols and a single unified login flow.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.