0

I'm trying to validate token from the request header in API level. The token can be from Azure B2C or Azure AD depends on the way that the API get called. Are there any ways to distinguish the two from token itself or request? or I need the caller to send something to indicate which token is which l?

I use similar method as following to validate the token, I tested it with B2C and it works fine

Validating the token recieved from azure ad b2c using the Values from "jwks_uri" endpoint

Iā€™m assuming I can validate Azure AD token in the same manner but with different parameters. But not sure how to distinguish the two tokens, so I can pass in correct parameters.

Newbie
  • 135
  • 1
  • 10
  • You probably want to try this post. https://stackoverflow.com/questions/55852498/asp-net-core-authenticate-with-aad-and-b2c ā€“ Charles Han Dec 07 '22 at 03:37

1 Answers1

0

From your question, I assume that these both are JWT access tokens. You will probably have the same method of validating them. (eg. if you use a client library, and have a function like token.validate(jwtConfig), the answer is probably yes, you will need the same function with the same config in both token type cases.)

bradib0y
  • 967
  • 5
  • 15
  • Yes they are JWT access token, I have method that validates the B2C token, similar like this https://stackoverflow.com/questions/59840170/validating-the-token-recieved-from-azure-ad-b2c-using-the-values-from-jwks-uri ā€“ Newbie Dec 07 '22 at 03:02
  • I would assume I can validate Azure AD token with same method or similar but different parameters/configs, but im not sure if there are ways to distinguish the two token so I can call correct parameters. ā€“ Newbie Dec 07 '22 at 03:04