Azure AD - validate idToken

李宗翰 (Patrick) 1 Reputation point

Hi all,

I was trying to validate the idToken I got from my Vue SPA (single page application) which was integrated with Azure AD.

I've found one thread with 2 answers but I still can't figure it out. [Link]

As far as I know, to validate / verify a JWT, one needs to check if the signature matches the hash result of one's own. Please correct me if I'm wrong.

Below is what I got so far.

  1. Decode the token, and get the "kid" value from the header.
  2. Call the key API from Microsoft to look for a match for the "kid" value got from step 1.
    The API endpoint should be like this: {{AD_tenantId}}/discovery/keys?appid={{AD_appId}}

Then what should I do?
Please help, thanks in advance.


1 answer

  1. Alfredo Revilla (MSFT) 25,276 Reputation points Microsoft Employee

    Hello @李宗翰 (Patrick) and thanks for reaching out. Azure AD ID token signature validation is usually done through a programming language library. For Vue, you can use MSAL JS TokenValidator or any other JavaScript JWT validator library. If you want to do it manually or know more about the inner workings, please take a look at Validating an ID token, RFC 7519: Validating a JWT and RFC 7515: JSON Web Signature (JWS).

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.