I have authenticated successfully against Azure AD (https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize) from my Angular application and got the id_token. The id_token is passed to multiple other trusted Spring Boot REST applications.

From the trusted Spring Boot REST application, how can I validate whether the id_token is valid or not? Do we have any endpoint or out-of-the-box classes to check the validity of the id_token, i.e. to check if the id_token is from the same application and is also valid? The trusted Spring Boot application has all the details below:

azure.activedirectory.tenant-id=xxxxx...
azure.activedirectory.client-id=xxxxxx...
azure.activedirectory.client-secret=xxxxx...
azure.activedirectory.active-directory-groups=Users

Can anyone please help me with this?

Do let me know if you need more details on anything.

1 Answer


You can directly check some claim values of the id_token to check if the id_token is from the same application and is also valid, by decoding the id_token.

For example, you can check the aud value to find which app this id_token is for; the aud value is your app's Application ID. You can use the iat, exp, and nbf claims' values to check whether the token is valid or not. Here the iat value is the time that the token was issued, the nbf value is the time that the token becomes valid, and the exp value is the time that the token becomes invalid.

For the details, please read v2.0 tokens.
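An added example (not from the question or answer) of doing these checks inside the Spring Boot app with Spring Security's resource-server support (spring-boot-starter-oauth2-resource-server): the decoder verifies the token signature against the tenant's published keys and the iss, exp and nbf claims, and a custom validator checks aud against the client-id. It assumes the id_token arrives as a Bearer token; the property names are the ones from the question, and the package, class and bean names are assumed.

```java
package com.example.security; // assumed package name

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
public class IdTokenDecoderConfig {

    // Every incoming "Authorization: Bearer <id_token>" is decoded and validated by this bean.
    @Bean
    JwtDecoder jwtDecoder(@Value("${azure.activedirectory.tenant-id}") String tenantId,
                          @Value("${azure.activedirectory.client-id}") String clientId) {
        // v2.0 issuer; OIDC discovery at <issuer>/.well-known/openid-configuration yields the JWKS URI.
        String issuer = "https://login.microsoftonline.com/" + tenantId + "/v2.0";

        // Fetches the tenant's signing keys and verifies the signature before any claim is trusted.
        NimbusJwtDecoder decoder = (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(issuer);

        // Default validators: exp and nbf (with a 60 s clock-skew allowance) and iss equal to the issuer above.
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(issuer);

        // aud must contain this app's Application (client) ID; otherwise the token was issued for another app.
        OAuth2TokenValidator<Jwt> audience = token -> token.getAudience().contains(clientId)
                ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(
                        new OAuth2Error("invalid_token", "aud does not contain " + clientId, null));

        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, audience));
        return decoder;
    }
}
```

With this bean present, Spring Boot's resource-server auto-configuration rejects requests whose token fails any of these checks with a 401; the default validators do not examine iat, so add it to the custom validator if you want to bound token age more tightly than exp alone does.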