Reputation: 1308
I'm planning to create a simple web service using Python in the backend that can use Azure AD for OAuth2 login. Microsoft's documentation about logging the user in in the browser and getting the token from authentication is pretty clear here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
However, there is no mention of validating the token on the server side. Do I have to call an HTTP API on the authorization endpoint with some parameters, or can the token be validated easily without sending it to Microsoft's servers? I'm lost with this, and I can't seem to find any information about it.
Upvotes: 0
Views: 2829
Reputation: 2447
You need to decode the token as a JWT and validate both its signature and its claims. Please refer here.
To validate an id_token or an access_token, your app should validate both the token's signature and the claims. To validate access tokens, your app should also validate the issuer, the audience, and the signing tokens. These need to be validated against the values in the OpenID discovery document. For example, the tenant-independent version of the document is located at https://login.microsoftonline.com/common/.well-known/openid-configuration.
Upvotes: 1
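A server-side check of the kind the answer describes, written as an added example (not code from the question, the answer or Microsoft): it pins RS256, selects the JWKS key by `kid`, verifies the PKCS#1 v1.5 signature using only the standard library, and then checks `iss`, `aud` and `exp`. `ISSUER`, `AUDIENCE`, the 512-bit demo key and the self-issued token are constructed placeholders; in a real service the issuer and `jwks_uri` come from the discovery document and the JWKS is fetched from `jwks_uri` and cached.

```python
import base64, hashlib, hmac, json, random, time
# Constructed placeholders: real values come from your app registration and from the discovery
# document's "issuer" and "jwks_uri" fields (fetch the JWKS from jwks_uri and cache it).
ISSUER = "https://login.microsoftonline.com/<tenant-id>/v2.0"
AUDIENCE = "<your-app-client-id>"

def b64url_decode(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64url_encode(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_encode(message, k):  # EMSA-PKCS1-v1_5 over SHA-256 (RFC 8017 9.2): what RS256 signs
    t = bytes.fromhex("3031300d060960864801650304020105000420") + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def _check(cond, msg):
    if not cond:
        raise ValueError(msg)

def validate_token(token, jwks, audience, issuer):
    h, p, s = token.split(".")
    header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
    _check(header.get("alg") == "RS256", "unexpected alg")  # pin alg; never trust the token's choice
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    _check(key is not None, "unknown kid")  # real code re-fetches the JWKS once here (key rollover)
    n, e = (int.from_bytes(b64url_decode(key[x]), "big") for x in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(b64url_decode(s), "big"), e, n).to_bytes(k, "big")  # recover EM
    _check(hmac.compare_digest(em, pkcs1_encode(f"{h}.{p}".encode(), k)), "bad signature")
    _check(claims.get("iss") == issuer, "bad issuer")
    _check(claims.get("aud") == audience, "bad audience")
    _check(claims.get("nbf", 0) <= time.time() < claims.get("exp", 0), "not yet valid or expired")
    return claims

def make_demo_key(bits=512, e=65537):  # constructed key for the demo only: far too small for real use
    def prime(b):
        while True:  # random odd candidate with the top bit set, Fermat-tested on small bases
            c = random.getrandbits(b) | (1 << (b - 1)) | 1
            if c % e != 1 and all(pow(a, c - 1, c) == 1 for a in (2, 3, 5, 7, 11, 13)):
                return c
    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def demo_token_and_jwks():  # stands in for Azure AD: issues a token and publishes the matching JWKS
    n, e, d = make_demo_key()
    k = (n.bit_length() + 7) // 8
    jwk = {"kty": "RSA", "kid": "demo-key-1", "e": b64url_encode(e.to_bytes(3, "big")),
           "n": b64url_encode(n.to_bytes(k, "big"))}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": "user-123", "exp": int(time.time()) + 3600}
    head = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT", "kid": "demo-key-1"}).encode())
    signing_input = head + "." + b64url_encode(json.dumps(claims).encode())
    sig = pow(int.from_bytes(pkcs1_encode(signing_input.encode(), k), "big"), d, n)
    return signing_input + "." + b64url_encode(sig.to_bytes(k, "big")), {"keys": [jwk]}
```

Because the signature is checked against the key published by the issuer, no call back to Microsoft is needed per request; only the JWKS (and discovery document) need to be fetched and refreshed periodically.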