Azure AD - validate idToken

Anonymous
2022-10-24T02:37:02.427+00:00

Hi all,

I was trying to validate the idToken I got from my Vue SPA (single page application) which was integrated with Azure AD.

I've found one thread with 2 answers but I still can't figure it out. [Link] (https://learn.microsoft.com/en-us/answers/questions/793793/azure-ad-vlidate-access-token.html)

As far as I know, to validate / verify a JWT, one need to check if the signature match the hash result of one's own. Please, correct me if I'm wrong.

Below is what I got so far.

  1. decode the token, and get the "kid" value from header.
    253384-snipaste-2022-10-24-10-26-41.png
  2. call the key API from microsoft to look for a match for the "kid" value got from step 1.
    API endpoint should be like this, https://login.microsoftonline.com/{{AD_tenantId}}/discovery/keys?appid={{AD_appId}}
    253364-snipaste-2022-10-24-10-30-10.png

Then what should I do?
Please help, thanks in advance.

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
40,237 questions
{count} votes

1 answer

Sort by: Most helpful
  1. 2022-10-24T19:52:56.603+00:00

    Hello @Anonymous and thanks for reaching out. Azure AD ID token signature validation is usually done through a programming language library. For Vue, you can use MSAL JS TokenValidator or any other JavaScript JWT validator library. If you want to do it manually or know more about the inner workings, please take a look to Validating an ID token., RFC 7519: Validating a JWT and RFC 7515: JSON Web Signature (JWS).

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.