Decode Azure AD v1 id_token
Q
How to decode the id_token value received from Azure AD v1.0 authentication response?
✍: FYIcenter.com
A
According to the "RFC 7519 - JWT (JSON Web Token)" standard,
the "id_token" value received from Azure AD authentication response should be
decoded as below:
- Splitting the encoded string into 3 components: Header, Body, and Signature by the dot "." delimiter: headerEncoded.bodyEncoded.signatureEncoded
- Get the header in JSON string as headerJSON = base64url_decode(headerEncoded).
- Get the body in JSON string as bodyJSON = base64url_decode(bodyEncoded).
- Get the signature in JSON string as signatureJSON = base64url_decode(signatureEncoded).
Here is an example of PHP script, openID_receiver.php, that decodes all 3 components of the "id_token" value received in the Authentication Response:
<html><body><pre>
<?php
$id_token = $_REQUEST["id_token"];
$parts = explode(".", $id_token);
$header = $parts[0];
$header = str_replace('/','_',$header);
$header = str_replace('+','-',$header);
$header = json_decode(base64_decode($header));
echo json_encode($header,JSON_PRETTY_PRINT);
# ready to retrieve header attributes
$body = $parts[1];
$body = str_replace('/','_',$body);
$body = str_replace('+','-',$body);
$body = json_decode(base64_decode($body));
echo json_encode($body,JSON_PRETTY_PRINT);
# ready to retrieve body attributes
$signature = $parts[2];
$signature = str_replace('/','_',$signature);
$signature = str_replace('+','-',$signature);
$signature = base64_decode($signature);
# ready for signature validation
?>
</pre></body></html>
⇒ Azure AD v1 id_token Decoded Example
2019-01-15, 506👍, 0💬
Related Topics:
