Hey team,
We are trying to use B2C as our login service for customer users and we are using API manager to front our various backend APIs. We want to make sure that we are validating the token expiration time AND that we are doing signature validation in this check.
There doesn't seem to be much info in the docs (https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT) about what the JWT Validation policy is doing in the backend.
Do you know whether this "Azure Active Directory B2C token validation" policy is also doing signature validation?
Example policy provided by docs: