This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 53%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hey team,
We are trying to use B2C as our login service for customer users and we are using API manager to front our various backend APIs. We want to make sure that we are validating the token expiration time AND that we are doing signature validation in this check.
There doesn't seem to be much info in the docs (https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT) about what the JWT Validation policy is doing in the backend.
Do you know whether this "Azure Active Directory B2C token validation" policy is also doing signature validation?
Example policy provided by docs:
Hello @Roei and thanks for reaching out. Yes, Azure API Management token validation will validate token signatures.
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.