Azure AD Verify Token
Verify JWT issued by Azure Active Directory B2C.
This fork is maintained by @tmaguire - this module was originally created by @justinlettau.
Table of Contents
Features
🎉 Verify JWT issued by Azure Active Directory B2C.🚀 Automatically use the rotated public keys from Azure.💪 Written in TypeScript.♻️ Configurable cache for public keys.
Installation
npm install @tmaguire/azure-ad-verify-token --saveUsage
Verify
import { verify, VerifyOptions } from '@tmaguire/azure-ad-verify-token';
const options: VerifyOptions = {
jwksUri:
'https://contoso.b2clogin.com/contoso.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_signupsignin1',
issuer:
'https://contoso.b2clogin.com/3285c484-dce5-4abb-a341-bbe4f2bc8554/v2.0/',
audience: '99d1275c-e805-483f-b832-600f8130829c',
};
verify(token, options)
.then((decoded) => {
// verified and decoded token
console.log(decoded);
})
.catch((error) => {
// invalid token
console.error(error);
});Verify options:
| Property | Type | Description |
|---|---|---|
jwksUri |
string |
jwk_uri value obtained from B2C policy metadata endpoint. |
issuer |
string |
issuer value obtained from B2C policy metadata endpoint. |
audience |
string |
Application ID of the application accessing the tenant. |
Example metadata endpoints:
- https://login.microsoftonline.com/common/.well-known/openid-configuration
- https://login.microsoftonline.com/common/discovery/keys
Configuration
import { setConfig } from '@tmaguire/azure-ad-verify-token';
setConfig({
cacheLifetime: 12 * (60 * 60 * 1000), // 12 hours
});Configuration options:
| Property | Type | Description | Default |
|---|---|---|---|
cacheLifetime |
number |
Number of milliseconds to cache public keys. | 1 hour |
References
- Overview of tokens in Azure Active Directory B2C
- Microsoft identity platform access tokens
- RSA Key Converter
Development
npm install
npm run build