What is a recommended ID token validation method #7441
Labels: confidential-client (Issues regarding ConfidentialClientApplications), documentation (Related to documentation.), msal-node (Related to msal-node package), Needs: Attention 👋 (Awaiting response from the MSAL.js team), question (Customer is asking for a clarification, use case or information.)
Core Library: MSAL Node (@azure/msal-node)
Wrapper Library: Not Applicable
Public or Confidential Client? Confidential
Documentation Location: https://learn.microsoft.com/en-us/entra/identity-platform/id-tokens#validate-tokens
Description
I’m curious about a recommended ID token validation method in msal-node.
I’m developing a Next.js app which uses msal-node for authorization and authentication and makes use of server components. (So the app is a confidential client application)
The documentation says confidential clients should validate ID tokens by checking claims like “aud”, “nonce” and “exp”.
However, there is no recommended way to validate such a token in the documentation.
I want to avoid manually writing the logic as much as possible because it could be dangerous, but it seems you recommend validating it manually.
So if you know the best or recommended way to validate the token, then let me know.
I'd be glad if there were such a function or method in msal-node itself.
Thank you for your help!
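The claim checks the linked documentation asks a confidential client to perform (aud, nonce, exp, plus iss/tid and the other time claims), as an added JavaScript example that is not msal-node's own code. It assumes the claims object is either msal-node's `idTokenClaims` from an AuthenticationResult or the output of the small decoder below, that the app knows its own client id, tenant id and the nonce it sent in the sign-in request, and that the token's signature has already been verified against the tenant's JWKS in a separate step that this block does not perform.

```javascript
// Decode the payload of a compact JWT for inspection only; this does NOT verify
// the signature, so it must only be used on a token that was already verified.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Validate the claims of an Entra v2.0 ID token. `expected` holds values the app
// knows independently of the token: its client id, its tenant id, and the nonce it
// generated for this sign-in. Returns a list of problems; an empty list means valid.
function validateIdTokenClaims(claims, expected, nowSeconds = Math.floor(Date.now() / 1000), skew = 300) {
  const errors = [];
  // aud must be exactly this app's client id (a plain string for ID tokens)
  if (claims.aud !== expected.clientId) errors.push('aud mismatch');
  // tid pins the token to the expected tenant; for v2.0 tokens iss is derived from tid
  if (claims.tid !== expected.tenantId) errors.push('tid mismatch');
  const expectedIss = `https://login.microsoftonline.com/${expected.tenantId}/v2.0`;
  if (claims.iss !== expectedIss) errors.push('iss mismatch');
  // nonce ties the token to the authorization request this app started (replay defence)
  if (typeof expected.nonce !== 'string' || claims.nonce !== expected.nonce) errors.push('nonce mismatch');
  // time claims, with a small allowance for clock skew between the app and the issuer
  if (typeof claims.exp !== 'number' || nowSeconds > claims.exp + skew) errors.push('token expired');
  if (typeof claims.nbf === 'number' && nowSeconds < claims.nbf - skew) errors.push('token not yet valid');
  if (typeof claims.iat === 'number' && claims.iat > nowSeconds + skew) errors.push('iat in the future');
  return errors;
}

// Constructed sample input: an unsigned token whose ids and nonce are placeholders,
// not real tenant or application values.
function sampleToken(overrides = {}) {
  const header = { alg: 'none', typ: 'JWT' };
  const payload = Object.assign({
    aud: 'app-client-id-placeholder',
    iss: 'https://login.microsoftonline.com/tenant-id-placeholder/v2.0',
    tid: 'tenant-id-placeholder',
    nonce: 'nonce-placeholder',
    iat: 1700000000, nbf: 1700000000, exp: 1700003600,
  }, overrides);
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc(header)}.${enc(payload)}.`;
}
```

The same `validateIdTokenClaims` call applies directly to `result.idTokenClaims` from msal-node's token acquisition result, with `nowSeconds` left at its default.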