0
votes

I am getting an Azure token, and to verify it I was checking the kid in the header by decoding the token on jwt.io; I then hardcoded the kid in my code for future tokens.

Now, after some days, the public keys have been changed, and the previous kid which I stored in my code is outdated and does not match the ones from https://login.microsoftonline.com/common/discovery/keys.

Can anyone help with how I can add the kid in my code to verify the token, or whether I can decode the header of the token directly and verify the kid against https://login.microsoftonline.com/common/discovery/keys?

1
Do you have any other concerns? Jim Xu

1 Answer

1
votes

If you want to decode the Azure AD JWT token in a Node application, we can use the package jwt-decode.

For example:

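const jwt_decode = require("jwt-decode");

// Truncated sample token
const token =
  "eyJ0eXAiOiJKV1QiLCJhbGc...";

// { header: true } returns the decoded header (alg, kid, ...) instead of the payload.
// jwt-decode only decodes; it does not verify the signature.
const res = jwt_decode(token, { header: true });
console.log(res);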

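Reading the kid is only the lookup step: the token is verified by checking its signature with the public key that carries that kid, chosen per token instead of hardcoded. The following is an added example, not part of the original answer and not code from jwt-decode or Microsoft; it uses Node's built-in crypto module. Assumptions: the helper names (makeKey, signToken, verifyWithJwks) are hypothetical, tokens are RS256, and the key set is generated locally as a constructed stand-in for the JSON served at the discovery/keys URL.

```javascript
const crypto = require("crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const fromB64url = (s) => Buffer.from(s, "base64url");

// Constructed key pair; the JWK (public part + kid) stands in for one entry of
// the JWKS document that the discovery/keys endpoint returns.
function makeKey(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { privateKey, jwk: { ...publicKey.export({ format: "jwk" }), kid, use: "sig" } };
}

// Hypothetical helper: sign a constructed RS256 token whose header carries `kid`.
function signToken(privateKey, kid, claims) {
  const input = b64url(JSON.stringify({ typ: "JWT", alg: "RS256", kid })) +
    "." + b64url(JSON.stringify(claims));
  return input + "." + crypto.sign("sha256", Buffer.from(input), privateKey).toString("base64url");
}

// Read kid from the token header, pick the matching JWK, verify the signature.
function verifyWithJwks(token, jwks) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const header = JSON.parse(fromB64url(parts[0]).toString("utf8"));
  // Pin the algorithm; do not let the token choose how it is verified.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  // After a key rotation an old cached key set lands here: refetch it, retry once.
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: "jwk" });
  const ok = crypto.verify("sha256", Buffer.from(parts[0] + "." + parts[1]), key, fromB64url(parts[2]));
  if (!ok) throw new Error("bad signature");
  return JSON.parse(fromB64url(parts[1]).toString("utf8")); // still check exp, aud, iss
}
```
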