How do I decode and validate client's access token at server end?

asked 2022-06-21T19:43:44.703+00:00

As I understand, the generated token can change periodically due to key rotations / changes in hashing algorithms, e.g. RS256. Considering this, how can I decode and validate the access tokens?

I am currently only looking for user Authentication.

Ref : https://learn.microsoft.com/en-us/answers/questions/693600/i-want-to-get-azure-ad-access-toke-in-jwt-format.html

Azure Active Directory
Azure

1 answer

  1. answered 2022-06-23T05:24:14.287+00:00
    James Hamil 11,876 Reputation points Microsoft Employee

    Hi @PRUTHVI GOLLAHALLI NIRANJANA, if I understand your question correctly, this thread may answer some of your questions.

    "When your API receives an access token, it must validate the signature to prove that the token is authentic. Your API must also validate a few claims in the token to prove that it is valid. Depending on the scenario requirements, the claims validated by an application can vary, but your application must perform some common claim validations in every scenario"

    Please let me know if you have any questions or if I misunderstood your question.

    If this answer helped you, please mark it as "Verified" so other users can reference it.

    Thank you,
    James
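
The checks the quoted guidance describes, with the key-rotation concern from the question handled by looking up the signing key by the token's `kid`, as an added example that is not part of the original thread or Microsoft's code. The toy RSA key, the `key-2022-06` key id, and the `sign` helper are constructed so the block runs offline; a production service would use a maintained JWT library and fetch the key set from the identity provider's metadata.

```python
import base64, hashlib, json, time

# Constructed toy RSA key (product of two Mersenne primes) so this runs offline. Not a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # PKCS#1 DigestInfo

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(message, size):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    tail = SHA256_PREFIX + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (size - len(tail) - 3) + b"\x00" + tail, "big")

def sign(header, claims):
    """Issuer side; present only to build constructed sample tokens."""
    body = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    return body + "." + b64u(pow(emsa(body.encode(), 141), D, N).to_bytes(141, "big"))

# Constructed JWKS in the shape an identity provider publishes; "kid" names the signing key.
JWKS = {"keys": [{"kty": "RSA", "kid": "key-2022-06",
                  "n": b64u(N.to_bytes(141, "big")), "e": b64u(E.to_bytes(3, "big"))}]}

def validate(token, jwks, issuer, audience, now=None):
    """Return the claims if the token is authentic and valid, else raise ValueError."""
    now = time.time() if now is None else now
    head_b64, claims_b64, sig_b64 = token.split(".")
    header = json.loads(unb64u(head_b64))
    if header.get("alg") != "RS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None:  # after a key rotation: re-fetch the JWKS once, then reject
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(unb64u(key[f]), "big") for f in ("n", "e"))
    size, sig = (n.bit_length() + 7) // 8, unb64u(sig_b64)
    s = int.from_bytes(sig, "big")
    if len(sig) != size or s >= n or pow(s, e, n) != emsa(f"{head_b64}.{claims_b64}".encode(), size):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(claims_b64))  # claims are trusted only from here on
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("expired or not yet valid")
    return claims
```
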