1

so we have typical scenario, basically we have 2 azure app services

1st : API App Service - hosting asp.net core 2.1 web api c# project

2nd : Angular App Service - hosting stand alone angular app.

in 2nd :Stand alone angular app service is configured by this , a easy auth, where we don't need to write any angular authentication code, also we configured this

for that we created one azure add app - we provided API access to API App Service...

in angular app - we got token by calling /.auth/ me - and that token we're sending to API App Service.

on other hand,

API App Service also protected with separate azure ad app.

now question is :

#1 : how do we verify the token being sending ( by angular or any client ) to web API project is valid ?

Thanks a lots.

Joy Wang
  • 39,905
  • 3
  • 30
  • 54
Var
  • 270
  • 1
  • 5
  • 23

1 Answers1

0

To validate the access_token, your app should validate the token's signature, the claims, the issuer, the audience, and the signing tokens, these need to be validated against the values in the OpenID discovery document.

The Azure AD middleware has built-in capabilities for validating access tokens, and you can browse through the samples to find one in the language of your choice.

For more details, see - https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-tokens

Joy Wang
  • 39,905
  • 3
  • 30
  • 54
  • This repository has been archived by the owner. It is now read-only. – Var Oct 13 '20 at 10:58
  • i have followed this --http://thewindowsupdate.com/2020/01/10/azure-app-service-easyauth-and-azure-active-directory-flows/ – Var Oct 13 '20 at 11:04
  • @Var Take a look at this sample - https://stackoverflow.com/questions/39866513/how-to-validate-azure-ad-security-token – Joy Wang Oct 14 '20 at 01:18