Var

Reputation: 270

Azure App Service authentication token verify

So we have a typical scenario: basically, we have 2 Azure App Services.

1st: API App Service - hosting an ASP.NET Core 2.1 Web API C# project

2nd: Angular App Service - hosting a standalone Angular app.

The 2nd, the standalone Angular App Service, is configured by this, an Easy Auth, where we don't need to write any Angular authentication code; we also configured this

For that we created one Azure AD app - we provided API access to the API App Service...

In the Angular app, we get the token by calling /.auth/me, and we send that token to the API App Service.

On the other hand,

the API App Service is also protected with a separate Azure AD app.

Now the question is:

#1: How do we verify that the token being sent (by Angular or any client) to the Web API project is valid?

Thanks a lot.

Upvotes: 1

Views: 951

Answers (1)

Joy Wang

Reputation: 42073

To validate the access_token, your app should validate the token's signature, the claims, the issuer, the audience, and the signing tokens; these need to be validated against the values in the OpenID discovery document.

The Azure AD middleware has built-in capabilities for validating access tokens, and you can browse through the samples to find one in the language of your choice.

For more details, see - https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-tokens

Upvotes: 0
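The checks listed in the answer above, as an added example that is not part of the original answer: a `Startup.cs` for the ASP.NET Core 2.1 Web API that lets the JWT bearer middleware validate incoming tokens against the tenant's OpenID discovery document. `<tenant-id>` and `<api-app-client-id-or-app-id-uri>` are placeholders, and the example assumes the API's Azure AD app receives v2.0 tokens.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    // Placeholders (assumptions): the tenant and the API's own Azure AD app
    // registration, not the registration used by the Angular App Service.
    private const string TenantId = "<tenant-id>";
    private const string ApiAudience = "<api-app-client-id-or-app-id-uri>";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // The middleware fetches {Authority}/.well-known/openid-configuration
                // and the signing keys published at its jwks_uri.
                // Assumption: v2.0 tokens. For v1.0 tokens, drop the "/v2.0" suffix
                // so the issuer from discovery matches the token's iss claim.
                options.Authority =
                    $"https://login.microsoftonline.com/{TenantId}/v2.0";

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true, // signature matches a published key
                    ValidateIssuer = true,           // iss equals the discovery issuer
                    ValidateAudience = true,         // aud is this API, not another app
                    ValidAudience = ApiAudience,
                    ValidateLifetime = true,         // reject expired or not-yet-valid tokens
                    ClockSkew = TimeSpan.FromMinutes(2)
                };
            });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before MVC so [Authorize] sees the validated principal.
        app.UseAuthentication();
        app.UseMvc();
    }
}
```

Controllers still need `[Authorize]` for the validation result to be enforced; a request with a missing, expired, wrongly signed or wrong-audience token then receives a 401.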
