AD B2C userflow roll over key to sign JWT

Ha Truong 1 Reputation point

I am using the predefined userflow and use the public key that AD B2C provides in jwks_uri to validate the token on my side. My question is whether that public key will be changed later?


Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,569 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 25,301 Reputation points Microsoft Employee

    The Keys are referenced in your JWtIssuer Technical Profile and if your application is using an OIDC library it will automatically fetch this metadata to ensure the app uses the correct keys to validate tokens. The MSAL library helps in fetching the latest token signing keys automatically . so yes even if the public key changes , you will be ale to get the current public key when you fetch the metadata correctly .

    0 comments No comments