Does the API Manager JWT Validation policy for B2C token validation validate signatures?

Roei 46 Reputation points
2022-10-25T16:17:02.24+00:00

Hey team,

We are trying to use B2C as our login service for customer users and we are using API manager to front our various backend APIs. We want to make sure that we are validating the token expiration time AND that we are doing signature validation in this check.

There doesn't seem to be much info in the docs (https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT) about what the JWT Validation policy is doing in the backend.

Do you know whether this "Azure Active Directory B2C token validation" policy is also doing signature validation?

Example policy provided by docs:


1 answer

  1. 2022-10-26T04:28:26.083+00:00

    Hello @Roei and thanks for reaching out. Yes, Azure API Management token validation will validate token signatures.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

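An added example, not part of the original thread and not copied from the Microsoft docs: a `validate-jwt` policy for B2C tokens with the two checks from the question written out explicitly. `TENANT_NAME`, `POLICY_NAME` and `API_CLIENT_ID` are placeholders; `require-signed-tokens` and `require-expiration-time` both default to `true`, so setting them here only makes the intent visible in review.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the request with 401 unless the bearer token passes every check below. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized. Access token is missing or invalid."
                      require-signed-tokens="true"
                      require-expiration-time="true">
            <!-- Signature check: the signing keys are fetched from the jwks_uri
                 published in the B2C user flow's OpenID metadata document.
                 TENANT_NAME and POLICY_NAME are placeholders. -->
            <openid-config url="https://TENANT_NAME.b2clogin.com/TENANT_NAME.onmicrosoft.com/POLICY_NAME/v2.0/.well-known/openid-configuration" />
            <!-- Audience check: only accept tokens issued for this API.
                 API_CLIENT_ID is a placeholder for the API's app registration. -->
            <audiences>
                <audience>API_CLIENT_ID</audience>
            </audiences>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

To confirm the behaviour in a test environment, send a token with an altered signature and another with a past `exp`; both should come back with the configured 401.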