How to get MS Azure RSA public key for JWT validation?

Alexey Mykhailov 25 Reputation points
2024-01-19T14:23:25.5466667+00:00

I need to validate an Azure JWT that is sent to my server. As Azure JWTs are signed with the RS256 algorithm, I need to obtain a public key in order to be able to verify a token. I searched the Internet and found the link to retrieve them: https://login.microsoftonline.com/common/discovery/v2.0/keys. But the problem is that the JSON that is returned by the MS server contains keys in a form that I don't quite understand: [screenshot]

What value should I take from here to perform a JWT validation? What value from here is the RSA public key? Thank you.

Microsoft Entra

1 answer

  1. James Hamil 24,481 Reputation points Microsoft Employee
    2024-01-22T20:28:03.84+00:00

    Hi @Alexey Mykhailov, the x5c field contains the Base64-encoded X.509 certificate chain, which includes the public key used to sign the JWT. You can decode the certificate chain and extract the public key to verify the JWT signature. Please let me know if you have any questions and I can help you further. If this answer helps you, please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
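
An added example, not part of the question or the answer above: a standard-library Python sketch that picks the signing key from the keys document by the token's `kid`, turns `x5c[0]` into a PEM certificate, and verifies an RS256 signature. It assumes each key entry also carries the RFC 7518 `n` and `e` fields for the same RSA key; the function names are illustrative.

```python
import base64, hashlib, hmac, json, ssl

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(s):
    """Decode unpadded base64url, as used for JWT segments and JWK n/e."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def x5c_leaf_pem(jwk):
    """x5c holds standard base64 (not base64url) DER certs; [0] is the leaf."""
    return ssl.DER_cert_to_PEM_cert(base64.b64decode(jwk["x5c"][0]))

def rsa_numbers(jwk):
    """RSA modulus and public exponent as integers from the JWK n and e."""
    return (int.from_bytes(b64url(jwk["n"]), "big"),
            int.from_bytes(b64url(jwk["e"]), "big"))

def verify_rs256(token, jwks):
    """Return the claims if the RS256 signature verifies, else ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url(head_b64))
        alg, kid = header.get("alg"), header.get("kid")
        sig = b64url(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; the token must not be allowed to choose it.
    if alg != "RS256":
        raise ValueError("unexpected alg")
    # The keys document lists several keys; select by kid.
    jwk = next((k for k in jwks["keys"]
                if k.get("kid") == kid and k.get("kty") == "RSA"), None)
    if jwk is None:
        raise ValueError("unknown kid")
    n, e = rsa_numbers(jwk)
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        raise ValueError("bad signature length")
    # RSASSA-PKCS1-v1_5: rebuild the expected encoded message and compare.
    digest = hashlib.sha256(f"{head_b64}.{body_b64}".encode()).digest()
    expected = (b"\x00\x01" + b"\xff" * (k - 54) + b"\x00"
                + SHA256_PREFIX + digest)
    actual = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(actual, expected):
        raise ValueError("bad signature")
    return json.loads(b64url(body_b64))
```

A valid signature only proves who issued the token; the returned claims still need `iss`, `aud` and `exp` checks before the token is trusted.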

