Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/playerony/validate-azure-ad-token
Function to validate access token received from azure active directory. Useful when you're using a msal library to authenticate users on the frontend and you wanna verify Microsoft tokens in the API.
https://github.com/playerony/validate-azure-ad-token
axios azure azure-ad-jwt azure-functions graph-api identity jsonwebtoken microsoft msal msal-browser msal-library msal-react token validation
Last synced: 4 days ago
JSON representation
Function to validate access token received from azure active directory. Useful when you're using a msal library to authenticate users on the frontend and you wanna verify Microsoft tokens in the API.
- Host: GitHub
- URL: https://github.com/playerony/validate-azure-ad-token
- Owner: playerony
- License: mit
- Created: 2021-09-25T10:34:36.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-01-10T18:56:14.000Z (12 months ago)
- Last Synced: 2024-12-15T15:48:26.125Z (22 days ago)
- Topics: axios, azure, azure-ad-jwt, azure-functions, graph-api, identity, jsonwebtoken, microsoft, msal, msal-browser, msal-library, msal-react, token, validation
- Language: TypeScript
- Homepage: https://playerony.github.io/validate-azure-ad-token
- Size: 1.36 MB
- Stars: 12
- Watchers: 4
- Forks: 8
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Validate Azure AD Token
[](https://www.npmjs.com/package/validate-azure-ad-token)
[](https://www.npmjs.com/package/validate-azure-ad-token)
[](https://www.npmjs.com/package/validate-azure-ad-token)
[](https://www.npmjs.com/package/validate-azure-ad-token)
[](https://www.npmjs.com/package/validate-azure-ad-token)
This is a function that can be used to validate an access token received from Azure Active Directory. It is particularly useful when you're using a MSAL library to authenticate users on the frontend and you want to verify Microsoft tokens in the API.
# Documentation
For more information about the required props to validate your token and the library itself, please refer to the **[API Documentation](https://playerony.github.io/validate-azure-ad-token)**
# Installation
```js
yarn add validate-azure-ad-token
npm install validate-azure-ad-token
```
# Validation Steps
1. Verify if all required props are passed in.
2. Decode the token using the **[jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken)** library.
3. Send a request to `https://login.microsoftonline.com/{tenantId}/discovery/keys?appid={applicationId}` to receive all public keys unique to your `applicationId` and `tenantId`. This action is cached after one successful attempt.
4. Verify all required access token claims: `aud`, `tid`,`iss`,`scp`, `appid`, `exp`.
5. If the comparison succeeds, the token is valid.
# Example
```js
const validate = require('validate-azure-ad-token').default;
try {
const decodedToken = await validate('YOUR_MICROSOFT_ACCESS_TOKEN', {
tenantId: 'YOUR_TENANT_ID',
audience: 'YOUR_AUDIENCE_ID',
applicationId: 'YOUR_APPLICATION_ID',
scopes: 'YOUR_SCOPES', // for example ["User.Read"]
});
// DO WHATEVER YOU WANT WITH YOUR DECODED TOKEN
} catch (error) {
// ALL ERRORS GONNA SHOW HERE AS A STRING VALUE
}
```
# Usage
If you are using a **[@azure/msal-react](https://www.npmjs.com/package/@azure/msal-react)** or **[@azure/msal-browser](https://www.npmjs.com/package/@azure/msal-browser)** on the frontend site and you want to verify your Microsoft access token on your node server.
# License
This project is licensed under the MIT License - see the LICENSE file for details.