Tools, FAQ, Tutorials:
Validate Azure AD v1 id_token Signature
How to validate the id_token signature received from Azure AD v1.0 authentication response?
✍: FYIcenter.com
You can use some existing libraries to perform the Azure AD "id_token" signature
validation using libraries of different programming languages as suggested
in
"Azure Active Directory access tokens" article".
But you can also try to validate the "id_token" signature with your own code logic in these steps:
1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the public key Azure AD service used to sign the "id_token". The "kid" value is replacing the "x5t" value. So stop using the "x5t" value.
Header = { "typ": "JWT", "alg": "RS256", "x5t": "nbCwW11w3XkB-xUaXwKRSLjMHGQ", "kid": "nbCwW11w3XkB-xUaXwKRSLjMHGQ"" }
2. Get a copy of the Azure AD metadata document:
GET https://login.microsoftonline.com/common/.well-known/openid-configuration
3. Take the "jwks_uri" value from the metadata document as the URL of Azure AD public keys:
{ "authorization_endpoint": "https:\/\/login.microsoftonline.com\/common\/oauth2\/authorize", "token_endpoint": "https:\/\/login.microsoftonline.com\/common\/oauth2\/token", ... "jwks_uri": "https:\/\/login.microsoftonline.com\/common\/discovery\/keys", }
4. Get a copy of Azure AD public keys:
GET https://login.microsoftonline.com/common/discovery/keys
5. Take the "x5c" value the "keys" entry with "kid" matching the value your have from the "id_token". The "x5c" value is the X.509 certificate of the public key.
{ "keys": [ { "kty": "RSA", "use": "sig", "kid": "nbCwW11w3XkB-xUaXwKRSLjMHGQ", "x5t": "nbCwW11w3XkB-xUaXwKRSLjMHGQ", "n": "u98KvoUHfs2z2YJyfkJzaGFYM58eD0...", "e": "AQAB", "x5c": [ "MIIDBTCCAe2gAwIBAgIQV68hSN9Drrl..." ] }, { "kty": "RSA", "use": "sig", "kid": "-sxMJMLCIDWMTPvZyJ6tx-CDxw0", "x5t": "-sxMJMLCIDWMTPvZyJ6tx-CDxw0", ... }, ... ] }
6. Validate the "Signature" component of the "id_token" with the public key certificate.
Â
⇒ OpenID Tutorials
⇠Validate Azure AD v1 id_token
⇑⇑ OpenID Tutorials
2021-05-16, 1019👍, 0💬
Popular Posts:
How To Pad an Array with the Same Value Multiple Times in PHP? If you want to add the same value mul...
How to add request query string Parameters to my Azure API operation 2017 version to make it more us...
How to install .NET Framework in Visual Studio Community 2017? I have the Visual Studio Installer in...
How To Pass Arrays By References? in PHP? Like normal variables, you can pass an array by reference ...
How to add an API to an API product for internal testing on the Publisher Portal of an Azure API Man...