user3547774

Reputation: 1689

azure-ad-jwt how does it validate the token

I am using azure-ad-jwt in a node app to validate a token. How does it validate the token, what settings does it use? I am simply using

var aad = require('azure-ad-jwt');
aad.verify(jwtToken, null, function(err, result) {
    if (result) {
        console.log("JWT is valid");
    } else {
        console.log("JWT is invalid: " + err);
    }
});

Upvotes: 0

Views: 664

Answers (1)

Kevin Le - Khnle

Reputation: 10857

JWTs can be signed with a secret that is shared between the token issuer and resource server. In other words, the resource server which consumes the token uses the same secret to verify the signature in the JWT.

But this is not the only way. JWTs can also be signed using public/private keys. Azure AD uses this method.

azure-ad-jwt takes a JWT, "hunts down" public key certificates and calls the jsonwebtoken.verify() function for each certificate it finds. Each time, it passes the JWT and certificate. This is how azure-ad-jwt can verify the signature in a JWT.

Upvotes: 1
