I used the Azure AD console to configure the JWT token. Everything looked fine and I was able to retrieve tokens, but I found the 'alg' (algorithm) field wasn't present in the response of the JWKS URL (https://login.microsoftonline.com/{tenantId}/discovery/v2.0/keys). Please see the screenshot below. So my program doesn't know which algorithm it should use to decode. How should I configure it in the console so that it will return the alg field for each key in the JWKS response like other IdPs do?
0 votes

1 Answer

0 votes
When you decode the received JWT token using Jwt.ms, you can see the header, which provides information about the algorithm used (i.e. RS256) and the id of the key used, but this by itself isn't enough to locate the key to be used.

To find the public key to use to validate the signature, go to https://login.microsoftonline.com/{tenantId}/.well-known/openid-configuration. From this, the jwks_uri attribute points to another JSON document, which lists a number of keys; you can use the kid from the header of the JWT to identify which key to use.
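As an added example (not code from the answer or from Microsoft), here is the lookup the answer describes, run against a constructed JWKS shaped like the Azure AD response in the question, i.e. RSA keys with no "alg" member. Since the JWKS gives no alg, the algorithm has to come from the token header, so the code pins an allowlist and checks the header value against the selected key's "kty" before returning it; SAMPLE_JWKS, ALLOWED and make_demo_token are constructed for this demo.

```python
import base64
import json

# Constructed sample JWKS, shaped like the Azure AD discovery response the
# question describes: RSA signing keys identified by kid, with no "alg".
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "use": "sig", "kid": "key-A", "n": "PLACEHOLDER_N_A", "e": "AQAB"},
        {"kty": "RSA", "use": "sig", "kid": "key-B", "n": "PLACEHOLDER_N_B", "e": "AQAB"},
    ]
}

# Algorithms this verifier accepts, mapped to the key type that can carry
# them. Pinning this is what keeps a header claiming "none" or an HMAC
# algorithm from ever selecting a key.
ALLOWED = {"RS256": "RSA"}

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[0]))

def select_signing_key(token: str, jwks: dict, allowed=ALLOWED) -> tuple:
    """Return (jwk, alg) to verify `token` with, or raise ValueError."""
    header = jwt_header(token)
    alg, kid = header.get("alg"), header.get("kid")
    if alg not in allowed:
        raise ValueError(f"alg {alg!r} is not permitted")
    if not kid:
        raise ValueError("token header carries no kid")
    matches = [k for k in jwks["keys"] if k.get("kid") == kid]
    if not matches:
        # An unknown kid usually means key rollover: refetch the jwks_uri
        # document once before treating the token as invalid.
        raise ValueError(f"no key with kid {kid!r} in JWKS")
    jwk = matches[0]
    if jwk.get("use", "sig") != "sig" or jwk.get("kty") != allowed[alg]:
        raise ValueError(f"key {kid!r} cannot be used with {alg}")
    return jwk, alg

def make_demo_token(header: dict) -> str:
    # Constructed header-only token for exercising the selection logic;
    # the payload is "{}" and the signature segment is a placeholder.
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return f"{h}.e30.placeholder-signature"
```

The returned JWK (n, e) and alg are then handed to your JWT library for the actual signature check; the library must be told the same pinned algorithm rather than left to read it from the header.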