Azure AD - validate idToken

Anonymous
2022-10-24T02:37:02.427+00:00

Hi all,

I was trying to validate the idToken I got from my Vue SPA (single page application) which was integrated with Azure AD.

I've found one thread with 2 answers but I still can't figure it out. [Link](https://learn.microsoft.com/en-us/answers/questions/793793/azure-ad-vlidate-access-token.html)

As far as I know, to validate / verify a JWT, one needs to check whether the signature matches the hash result of one's own. Please correct me if I'm wrong.

Below is what I got so far.

  1. decode the token, and get the "kid" value from header.
  2. call the key API from Microsoft to look for a match for the "kid" value obtained in step 1.
    API endpoint should be like this, https://login.microsoftonline.com/{{AD_tenantId}}/discovery/keys?appid={{AD_appId}}

Then what should I do?
Please help, thanks in advance.


1 answer

  1. 2022-10-24T19:52:56.603+00:00

    Hello @Anonymous and thanks for reaching out. Azure AD ID token signature validation is usually done through a programming language library. For Vue, you can use MSAL JS TokenValidator or any other JavaScript JWT validator library. If you want to do it manually or know more about the inner workings, please take a look at Validating an ID token, RFC 7519: Validating a JWT and RFC 7515: JSON Web Signature (JWS).

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.