
How do I decode and validate client's access token at server end?

2022-06-21T19:43:44.703+00:00

As I understand, the generated token can change periodically due to key rotations / changes in hashing algorithms, e.g. RS256 etc. Considering this, how can I decode and validate the access tokens?

I am currently only looking for user Authentication.

Ref: https://learn.microsoft.com/en-us/answers/questions/693600/i-want-to-get-azure-ad-access-toke-in-jwt-format.html


1 answer

  1. Anonymous
    2022-06-23T05:24:14.287+00:00

    Hi @PRUTHVI GOLLAHALLI NIRANJANA, if I understand your question correctly, this thread may answer some of your questions.

    "When your API receives an access token, it must validate the signature to prove that the token is authentic. Your API must also validate a few claims in the token to prove that it is valid. Depending on the scenario requirements, the claims validated by an application can vary, but your application must perform some common claim validations in every scenario"

    Please let me know if you have any questions or if I misunderstood your question.

    If this answer helped you please mark it as "Verified" so other users can reference it.

    Thank you,
    James
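
The signature and claim checks quoted in the answer, combined with the key-rotation concern from the question, as an added Node.js example (not part of the original thread and not Microsoft's code). A locally generated key pair stands in for the signing keys the identity provider publishes as a JWKS; the issuer, audience and `kid` values are constructed placeholders, and `validateToken`, `makeSigner` and `check` are hypothetical names.

```javascript
// Added example: validate an RS256 JWT against a JWKS, choosing the key by `kid`.
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Returns the claims, or throws. `jwks` is the parsed key set the issuer publishes;
// cache it and re-fetch on an unknown kid so that key rotation needs no redeploy.
function validateToken(token, jwks, { issuer, audience, now = Date.now() / 1000, skew = 300 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = parse(h);
  // Pin the algorithm server-side; the token must not choose it (rejects "none", HS256).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid'); // caller refreshes the JWKS once, then retries
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = parse(p); // claims are trusted only after the signature has verified
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || now > claims.exp + skew) throw new Error('expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf - skew) throw new Error('not yet valid');
  return claims;
}

// ---- Constructed fixtures: a local key pair stands in for the issuer's signing keys ----
const ISSUER = 'https://issuer.example/tenant-placeholder/v2.0'; // placeholder
const AUDIENCE = 'api://example-api'; // placeholder
function makeSigner(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid, use: 'sig' };
  const sign = (claims, alg = 'RS256') => {
    const input = `${b64u(JSON.stringify({ typ: 'JWT', alg, kid }))}.${b64u(JSON.stringify(claims))}`;
    return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
  };
  return { jwk, sign };
}
// Returns 'ok' or the rejection reason, so each failure mode can be observed.
function check(token, jwks, now) {
  try { validateToken(token, jwks, { issuer: ISSUER, audience: AUDIENCE, now }); return 'ok'; }
  catch (e) { return e.message; }
}
```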
