![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 26%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJO%3C/text%3E%3C/svg%3E)
3,289 questions
Use python-jose to do something like this:
# Fetch the OpenID configuration, which includes the JWKS
response = requests.get("your_tenant_openidc_configuration_endpoint_url") # Eg.
https://login.microsoftonline.com/tenant-guid/v2.0/.well-known/openid-configuration
payload = response.json()
jwks = payload["jwks_uri"]
issuer = payload["issuer"]
# Decode the JWT token (without verification)
unverified_header = jwt.get_unverified_header(token_string)
response = requests.get(jwks)
keys = response.json().get("keys")
# Find the key which was used to sign the JWT token
rsa_key = {}
for key in keys:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"],
}
# Verify the JWT token
payload = jwt.decode(
token_string,
rsa_key,
algorithms=["RS256"],
audience="your_api_client_id",
issuer=issuer,
options=options,
)
return payload
Let me know if you need additional or more detailed guidance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.