Kalyan Krishna edited this page Oct 31, 2018 · 1 revision

Welcome to the active-directory-dotnet-webapi-manual-jwt-validation wiki!

Token validation comprises two distinct parts.

  1. Token Validation
  2. Protocol Validation

Token Validation is related to ensuring the token received can be trusted. The checks are similar for most tokens and are usually made up of the following.

  1. Signature – Ensures that this token has not been tampered with.
  2. Audience – Ensures the recipient is the one for whom the token was created.
  3. Issuer – Checks the authority that created the token.
  4. Date(s) – Makes sure that the token has not expired and checks when it was issued.
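
The four checks above, shown as an added example rather than code from this sample: a console program that mints test tokens with a throwaway RSA key and validates them with `JwtSecurityTokenHandler` from the System.IdentityModel.Tokens.Jwt NuGet package. The issuer, audience and keys are constructed placeholders, and the `Mint` and `Check` helpers are hypothetical names used only here.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Added example. Requires the System.IdentityModel.Tokens.Jwt NuGet package.
class Program
{
    // Constructed placeholder values, not the sample's real configuration.
    const string Issuer = "https://issuer.example/";
    const string Audience = "api://example-web-api";

    // Mint a signed test token so the example runs offline.
    static string Mint(SecurityKey key, string iss, string aud, DateTime nbf, DateTime exp)
    {
        var creds = new SigningCredentials(key, SecurityAlgorithms.RsaSha256);
        var jwt = new JwtSecurityToken(iss, aud, null, nbf, exp, creds);
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // Run the checks; a failed check surfaces as a SecurityTokenException subtype.
    static string Check(string token, TokenValidationParameters p)
    {
        try { new JwtSecurityTokenHandler().ValidateToken(token, p, out _); return "accepted"; }
        catch (SecurityTokenException e) { return "rejected: " + e.GetType().Name; }
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048);     // key the API trusts
        using var rogue = RSA.Create(2048);   // key the API does not trust
        var key = new RsaSecurityKey(rsa);
        var now = DateTime.UtcNow;
        var p = new TokenValidationParameters
        {
            RequireSignedTokens = true, IssuerSigningKey = key,     // 1. signature
            ValidateAudience = true, ValidAudience = Audience,      // 2. audience
            ValidateIssuer = true, ValidIssuer = Issuer,            // 3. issuer
            ValidateLifetime = true, RequireExpirationTime = true,  // 4. dates
            ClockSkew = TimeSpan.FromMinutes(2),                    // tolerated clock drift
        };
        var end = now.AddMinutes(10);
        Console.WriteLine("valid:     " + Check(Mint(key, Issuer, Audience, now, end), p));
        Console.WriteLine("signature: " + Check(Mint(new RsaSecurityKey(rogue), Issuer, Audience, now, end), p));
        Console.WriteLine("audience:  " + Check(Mint(key, Issuer, "api://other-api", now, end), p));
        Console.WriteLine("issuer:    " + Check(Mint(key, "https://other.example/", Audience, now, end), p));
        Console.WriteLine("expired:   " + Check(Mint(key, Issuer, Audience, now.AddHours(-2), now.AddHours(-1)), p));
    }
}
```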

Protocol Validation is related to ensuring the token arrived according to the protocol specifications. For OpenIdConnect, there are some rules that help mitigate different attacks. The OIDC specification, OpenID Connect Core 1.0, covers these details.