[英]How to verify JWT id_token produced by MS Azure AD with C# and .net?
I have seen the post with a similar title about Angular JS, but I have been searching for a C# / .net code sample of how to do this presumably common task.我看过标题类似的关于 Angular JS 的帖子,但我一直在寻找 C#/.net 代码示例,说明如何执行这个大概是常见的任务。
I have found many articles talking about the fact that it must be done, but no straightforward "Here's how you validate an id_token returned from Azure B2C using C# and .net"我发现很多文章都在谈论它必须完成的事实,但没有简单明了的“这是使用 C# 和 .net 验证从 Azure B2C 返回的 id_token 的方法”
Is anyone aware of such a piece of code?有没有人知道这样一段代码?
Validating an id_token is similar to the first step of validating an access token - your client should validate that the correct issuer has sent back the token and that it hasn't been tampered with.验证 id_token 类似于验证访问令牌的第一步 - 您的客户端应该验证正确的颁发者已发回令牌并且它没有被篡改。 Because id_tokens are always a JWT, many libraries exist to validate these tokens - we recommend you use one of these rather than doing it yourself.
由于 id_tokens 始终是 JWT,因此存在许多用于验证这些令牌的库 - 我们建议您使用其中之一,而不是自己进行。
To manually validate the token, see the steps details in validating an access token.要手动验证令牌,请参阅验证访问令牌中的步骤详细信息。 After validating the signature on the token, the following claims should be validated in the id_token (these may also be done by your token validation library):
验证令牌上的签名后,应在 id_token 中验证以下声明(这些也可以由您的令牌验证库完成):
you can browse through this samples to find one in the language of your choice.您可以浏览这些示例以找到您选择的语言的示例。 For more information on how to explicitly validate a JWT token, see the manual JWT validation sample .
有关如何显式验证 JWT 令牌的更多信息,请参阅手动 JWT 验证示例。
You can check this thread as well for additional reference:您也可以查看此线程以获取更多参考:
Hope it helps.希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.