[DOC] Securing your webhooks doc doesn't contain expected claim

Question

[DOC] Securing your webhooks doc doesn't contain expected claim

PFYasu opened this issue a year ago · 2 comments

Hello there,

I'm going through a documentation that described how to secure the Azure Marketplace SaaS Webhook.

Regarding to the doc:

"appid": "this is the resource id you use when you create publisher authorization token to call SaaS fulfillment APIs"

I've implemented a secure webhook as shown in the [documentation](https://microsoft.github.io/Mastering-the-Marketplace/saas/pdfs/10.3-simple-webhook-dotnet-securing.pdf). I didn't see the claim with the appid type.

Below I attached claims keys that were received from a webhook request header:

aud
iss
iat
exp
aio
azp
azpacr
oid
rh
sub
tid
uti
ver

I don't see appid there. Seems that has been changed to aud, right?

Answer 1 · 2024-01-04T16:16:02.000Z

Hi @PFYasu - For this I recommend raising a support ticket on our partner center please.

Answer 2 · 2024-01-04T18:06:03.000Z

Hi @santhoshb-msft. I wasn't sure where to raise this issue.
Thanks for your recommendation. I'll create a support ticket on the partner center, as you suggested.