Azure AD Verify Token
Verify JWT issued by Azure Active Directory B2C.
Features
- 🎉 Verify JWT issued by Azure Active Directory B2C.
- 🚀 Automatically use the rotated public keys from Azure.
- 💪 Written in TypeScript.
- ♻️ Configurable cache for public keys.
Installation
```sh
npm install azure-ad-verify-token --save
```
Usage
Verify
```typescript
import { verify, VerifyOptions } from 'azure-ad-verify-token';

// `token` is the raw JWT string received from the client.
const options: VerifyOptions = {
  jwksUri: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_signupsignin1',
  issuer: 'https://contoso.b2clogin.com/3285c484-dce5-4abb-a341-bbe4f2bc8554/v2.0/',
  audience: '99d1275c-e805-483f-b832-600f8130829c'
};

verify(token, options)
  .then(decoded => {
    // verified and decoded token
    console.log(decoded);
  })
  .catch(error => {
    // invalid token
    console.error(error);
  });
```
Verify options:
Property | Type | Description |
---|---|---|
jwksUri | string | jwks_uri value obtained from B2C policy metadata endpoint. |
issuer | string | issuer value obtained from B2C policy metadata endpoint. |
audience | string | Application ID of the application accessing the tenant. |
Example metadata endpoints:
- https://login.microsoftonline.com/common/.well-known/openid-configuration
- https://login.microsoftonline.com/common/discovery/keys
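The checks that `jwksUri`, `issuer` and `audience` drive, as an added TypeScript example that is not the package's own code. `checkToken`, `makeToken`, `outcome` and the key ID are hypothetical names, the key pair is constructed sample data, and the key set is embedded inline instead of being fetched from `jwksUri`.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify as rsaVerify } from 'crypto';

type Jwk = { kid?: string; kty?: string; n?: string; e?: string };
type Checks = { keys: Jwk[]; issuer: string; audience: string };
const b64u = (v: object): string => Buffer.from(JSON.stringify(v)).toString('base64url');
const unb64u = (s: string) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Hypothetical helper (not the package's code): returns the claims or throws
// an Error naming the first check that failed.
function checkToken(token: string, opts: Checks, now = Date.now() / 1000) {
  const parts = token.split('.');
  const [h, p, s] = parts;
  if (parts.length !== 3 || !h || !p || !s) throw new Error('malformed token');
  const header = unb64u(h);
  // Pin the algorithm; never let the token header pick it ("none", HS256).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Key rotation: choose the published key whose kid matches the header.
  const jwk = opts.keys.find((k) => typeof header.kid === 'string' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  const sigOk = rsaVerify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = unb64u(p); // claims are trusted only after the signature check
  if (claims.iss !== opts.issuer) throw new Error('wrong issuer');
  if (claims.aud !== opts.audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample data: a throwaway RSA key stands in for the B2C signing key.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleOpts: Checks = {
  keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'constructed-kid-1' }],
  issuer: 'https://contoso.b2clogin.com/3285c484-dce5-4abb-a341-bbe4f2bc8554/v2.0/',
  audience: '99d1275c-e805-483f-b832-600f8130829c',
};
function makeToken(header: object, claims: object): string {
  const input = `${b64u(header)}.${b64u(claims)}`;
  return `${input}.${sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
// Returns 'ok' or the name of the failed check.
function outcome(token: string, opts: Checks = sampleOpts): string {
  try { checkToken(token, opts); return 'ok'; } catch (e) { return (e as Error).message; }
}
const exp = Math.floor(Date.now() / 1000) + 300;
const good = makeToken({ alg: 'RS256', kid: 'constructed-kid-1' },
  { iss: sampleOpts.issuer, aud: sampleOpts.audience, exp });
console.log(outcome(good)); // ok
```

A token whose `aud` is another application's ID fails with `wrong audience` even though its signature is valid, which is why `audience` must be set to your own Application ID.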
Configuration
```typescript
import { setConfig } from 'azure-ad-verify-token';

setConfig({
  cacheLifetime: 12 * (60 * 60 * 1000) // 12 hours
});
```
Configuration options:
Property | Type | Description | Default |
---|---|---|---|
cacheLifetime | number | Number of milliseconds to cache public keys. | 1 hour |
Development
```sh
npm install
npm run build
```