Recommended JWT Validation approach #3052
jeffwilcox
started this conversation in
Feedback
Replies: 1 comment
-
@jeffwilcox Thanks for the feedback! We will soon start working on MSAL Node middleware, which will become our official recommended middleware for token validation. For now, I agree we should document our recommended libraries for JWT validation. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi team,
Loving the new library as we migrate more code from ADAL.
This is either a roadmap question (feature ask maybe), or a request for recommended library...
There are many JWT libraries of generic design, plus azure-ad-verify-token, azure-ad-jwt-lite, azure-ad-jwt-v2, and there's a trust component here for sure of wanting something official.
The on-behalf-of sample app (the rather unofficial samples used for ad-hoc testing and not for any sort of prod use) just utilize
jsonwebtoken
andjwks-rsa
noms, for example... before passing along to graph.I imagine we would want to do more of the doc-recommended validation for a simple server API we're publishing, for example?
Might the family of MSAL JS packages eventually add a recommended, official JWT validation implementation for confidential client applications (Node apps)?
Thanks,
Jeff
Beta Was this translation helpful? Give feedback.
All reactions