What is a recommended ID token validation method #7441

Open
Key5n opened this issue Nov 26, 2024 · 0 comments
Labels
confidential-client Issues regarding ConfidentialClientApplications documentation Related to documentation. msal-node Related to msal-node package Needs: Attention 👋 Awaiting response from the MSAL.js team question Customer is asking for a clarification, use case or information.


Key5n commented Nov 26, 2024

Core Library

MSAL Node (@azure/msal-node)

Wrapper Library

Not Applicable

Public or Confidential Client?

Confidential

Documentation Location

https://learn.microsoft.com/en-us/entra/identity-platform/id-tokens#validate-tokens

Description

I’m curious about a recommended ID token validation method in msal-node.
I’m developing a Next.js app which uses msal-node for authorization and authentication and makes use of server components. (So the app is a confidential client application.)

The documentation says confidential clients should validate ID tokens by checking claims like “aud”, “nonce” and “exp”.
However, there is no recommended way to validate such a token in the document.
I want to avoid manually writing the logic as much as possible because it could be dangerous, but it seems you recommend manually validating it.

So if you know the best or recommended way to validate the token, then let me know.
I’d be glad if there is such a function or method in msal-node itself.

Thank you for your help!

@Key5n Key5n added documentation Related to documentation. question Customer is asking for a clarification, use case or information. labels Nov 26, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Nov 26, 2024
@github-actions github-actions bot added confidential-client Issues regarding ConfidentialClientApplications msal-node Related to msal-node package labels Nov 26, 2024
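
The claim checks named in the issue ("aud", "nonce", "exp"), written out as an added example; this is not part of the original post and is not msal-node code. The function name, the `expected` object shape and the clock-skew value are assumptions, and the token's signature and issuer are assumed to have been verified before the claims reach this function.

```javascript
// Added example: claim checks only. Assumes `claims` is the decoded payload of an
// ID token whose signature and issuer were already verified elsewhere.
const CLOCK_SKEW_SECONDS = 300; // assumed tolerance, not a value from the page

// Hypothetical helper. `expected` holds this app's client ID and the nonce that
// was stored server-side when the authorization request was sent.
function validateIdTokenClaims(claims, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const errors = [];
  if (claims === null || typeof claims !== "object") {
    return { valid: false, errors: ["claims is not an object"] };
  }

  // aud: may be a single string or an array; this client's ID must be present.
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (typeof expected.clientId !== "string" || !audiences.includes(expected.clientId)) {
    errors.push("aud does not contain this client's ID");
  }

  // exp: required, numeric (seconds since epoch), and not in the past.
  if (typeof claims.exp !== "number" || !Number.isFinite(claims.exp)) {
    errors.push("exp is missing or not a number");
  } else if (nowSeconds >= claims.exp + CLOCK_SKEW_SECONDS) {
    errors.push("token has expired");
  }

  // nonce: must equal the value this session sent in the authorization request.
  // A missing stored nonce is a failure, never a reason to skip the check.
  if (typeof expected.nonce !== "string" || expected.nonce.length === 0) {
    errors.push("no expected nonce stored for this session");
  } else if (claims.nonce !== expected.nonce) {
    errors.push("nonce does not match the authorization request");
  }

  return { valid: errors.length === 0, errors };
}

// Constructed sample data (not a real token or a real client ID).
const sampleClaims = { aud: "11111111-2222-3333-4444-555555555555", exp: 1732600000, nonce: "n-0S6_WzA2Mj" };
const session = { clientId: "11111111-2222-3333-4444-555555555555", nonce: "n-0S6_WzA2Mj" };

console.log(validateIdTokenClaims(sampleClaims, session, 1732599000));
console.log(validateIdTokenClaims(sampleClaims, session, 1732700000));
console.log(validateIdTokenClaims({ ...sampleClaims, nonce: "other" }, session, 1732599000));
```

The function collects every failed check instead of stopping at the first, so a server-side log entry shows all reasons a token was rejected.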