
What is a recommended ID token validation method #7441

@Key5n


Core Library

MSAL Node (@azure/msal-node)

Wrapper Library

Not Applicable

Public or Confidential Client?

Confidential

Documentation Location

https://learn.microsoft.com/en-us/entra/identity-platform/id-tokens#validate-tokens

Description

I’m curious about a recommended ID token validation method in msal-node.
I’m developing a Next.js app which uses msal-node for authorization and authentication and makes use of server components (so the app is a confidential client application).

The documentation says confidential clients should validate ID tokens by checking claims like “aud”, “nonce” and “exp”.
However, there is no recommended way to validate such a token in the documentation.
I want to avoid manually writing the logic as much as possible because it could be dangerous, but it seems you recommend validating it manually.

So if you know the best or recommended way to validate the token, then let me know.
I’d be glad if there is such a function or method in msal-node itself.

Thank you for your help!
