javascript node.js jwt azure-active-directory
Updated Tue, 12 Jul 2022 22:48:43 GMT

Validating kid in Azure JWT token by hard coding the kid


I am getting an Azure token, and to verify it I was checking the kid in the header by decoding this token on jwt.io; I then hardcoded the kid in my code for future tokens.

Now, after some days, the public keys have been changed and the previous kid which I stored in my code is outdated and does not match any from https://login.microsoftonline.com/common/discovery/keys.

Can anyone help with how I can add the kid in my code to verify the token, or whether I can decode the header of the token directly and verify the kid against https://login.microsoftonline.com/common/discovery/keys?




Solution

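If you want to decode the Azure AD JWT token in a Node application, we can use the package jwt-decode.

For example:

// jwt-decode only base64url-decodes the token; it does not verify the signature.
const jwt_decode = require("jwt-decode");
const token =
  "eyJ0eXAiOiJKV1QiLCJhbGc...";
// { header: true } returns the decoded header (including kid) instead of the payload.
const res = jwt_decode(token, { header: true });
console.log(res);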






Comments (1)

  • +0 – Thanks Jim, I got the idea from your answer. — Oct 12, 2020 at 03:05
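
Decoding the header yields the kid, but the token is only trustworthy once its signature has been checked against the published key with that kid. The following is an added example, not part of the original answer: it selects the key from a JWKS document by the token's kid, pins RS256, verifies the signature with Node's built-in crypto module, and reloads the key set once when an unknown kid appears after rotation. The names verifyJwt, makeVerifier, makeSigner and the loadJwks callback are hypothetical, and the key pairs are generated locally so the code runs offline.

```javascript
const nodeCrypto = require("node:crypto");

const b64urlJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Verify an RS256 JWT against a JWKS document ({ keys: [...] }).
// The key is selected by the token's own kid, so nothing is hard-coded.
function verifyJwt(token, jwks) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm; never let the token choose it ("none", HS256, ...).
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === "RSA");
  if (!jwk) throw new Error("unknown kid");
  const key = nodeCrypto.createPublicKey({ key: jwk, format: "jwk" });
  const ok = nodeCrypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = b64urlJson(p);
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= Date.now()) throw new Error("expired");
  return claims;
}

// Cache the JWKS and reload it once when a token carries a kid we have not seen
// (key rotation). loadJwks is an assumption: in production it would download
// https://login.microsoftonline.com/common/discovery/keys.
function makeVerifier(loadJwks) {
  let jwks = loadJwks();
  return (token) => {
    try { return verifyJwt(token, jwks); }
    catch (e) {
      if (e.message !== "unknown kid") throw e;
      jwks = loadJwks(); // keys may have rotated since the last load
      return verifyJwt(token, jwks);
    }
  };
}

// Constructed sample data: a locally generated key pair standing in for Azure AD's.
function makeSigner(kid) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const sign = (claims) => {
    const input = `${enc({ typ: "JWT", alg: "RS256", kid })}.${enc(claims)}`;
    return `${input}.${nodeCrypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
  };
  return { jwk: { ...publicKey.export({ format: "jwk" }), kid }, sign };
}
```

A production validator would also check the iss and aud claims against the expected tenant and application, and rate-limit the reload so that tokens with random kid values cannot trigger a download on every request.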