- Report this article
Cương Vũ 
Cương Vũ
Fusion of developer and operator
Published Oct 10, 2022
+ Follow
Azure AD B2C is a great service, it helps simplify software architect. You don't need to build an SSO system but only apply few lines of code. When making authorization with Az B2C, the AD will response a payload with access token. TheMicrosoft docs doesn't mention about how to verify it, there are many libraries support the validation, but I suppose to make and API to verify token as below:
The Token from Az B2C has three segments separated by "." The first segment is a header, the second segment is payload, the third segment is a signature which is created by encrypting the hash of first and second segment, and Az B2C encrypts it with private key. To verify the token, you need to decrypt the signature with public key to get hash 1, hashing the header + payload to get hash 2 then compare hash 1 and hash 2. If 2 hashes are matched, then the token is valid.
Next question is: Where is public key? The doc says you can get public key from https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy name>/discovery/v2.0/keys
But when GET into that URL, you don't see public key
Recommended by LinkedIn
"keys": [ {"kid":"X5eXk4xy8dlNP4-c57dO6QGTVBwaNk", "nbf":1493763266, "use":"sig", "kty":"RSA", "e":"AQAB", "n":"tVKUtcxLq6CScb0P3ZGXYbPzXvmmLiWZizpb-h0qup5jznOvOr-Dhw9908584BSgC83YacjWNqEK3urxhyE2jWjwRm2N95WGgb5mzE5XmZIvkvyXnn7X8dvgFPF5QwIngGsDG8LyHuJS5s8vJL0pVSrkuNojtokp84AtkADCDU_BUhrc2sIgfnvZ03koCQRoZmWiHu86SuJZYkDFstVTVSR0hiXudFlfQ2rOhPlpObmku68lXw-7V-P7jwrQRFfQVXw" } According to the doc. Azure AD B2C uses the RS256 algorithm, which is based on theRFC 3447specification. The public key consists of two components: the RSA modulus (n) and the RSA public exponent (e). You can programmatically convertnandevalues to a certificate format for token validation. So you need to make your own code to create public key from modulus and exponent.
I have made a public docker image to verify token, the program language is golang. Why golang? Because it fasts and small, the image is only 9 Mb, and when deploy it with Az Container App, it takes less than minute to provision.
https://hub.docker.com/repository/docker/kimcuongbvh/azureb2cauth
3
To view or add a comment, sign in
More articles by this author
No more previous content
- Terraform with Azure Api Management Oct 20, 2021
- Automate scale in/out for Az VM Sep 13, 2021
- Creating an email notification api with Python Feb 1, 2021
- Analyzing log with pandas, matplotlib Jan 18, 2021
- How to use Azure Application Insights with Python? Dec 23, 2020
- PowerShell and XML Dec 17, 2020
- Powershell multi-threading Aug 7, 2020
- Deploy Flask to Azure App Services May 12, 2020
- Automate DB restoring with python and Azure May 4, 2020
No more next content
Sign in
Stay updated on your professional world
Sign in
By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.
New to LinkedIn? Join now
Insights from the community
- Software as a Service (SaaS) How do you implement SaaS user authentication and authorization?
- E-commerce How can you ensure your CMS is always backed up in case of data loss?
- Computer Science What is SaaS and how does it work?
- System Architecture How can you implement secure logging and auditing in SaaS applications?
- Computer Networking What message queuing systems can you use to improve client-server performance?
- Software as a Service (SaaS) How do you compare and select the best SaaS solutions for your specific needs and requirements?
- Software as a Service (SaaS) How do you troubleshoot and resolve SaaS issues quickly and effectively?
- Process Automation What are the most effective ways to use IFTTT for cloud-based process automation tasks?
- Content Strategy How can you recover lost or corrupted CMS content?
- Managed Services How do you evaluate and compare different SaaS providers and features for your needs?
Others also viewed
- Create Azure AD apps with one line of code Waldek Mastykarz 3y
- Azure AD roles Vs. Azure resources roles Tarek N. 2y
- What can be replicated with AD Connect / Azure AD Sync Valentin Komarovskiy, MBA 12mo
- Data Cloud, Security and Go Lightning Fast Paul Battisson 4mo
- Shield Up: Essential Security Standards Every SaaS Innovator Needs Kulpreet Singh 3mo
- How to Register Azure Active Directory App for oAuth Fidel Martin 2y
- Microsoft Azure Administrator: Azure Identities (With Step By Step Demo) Fakhar ul Hassan 2y
- ORGanizer: The Swiss Army Knife of Salesforce Browser Extensions Enrico MURRU ☁ 6y
- Salesforce Spring ’21 Release – what’s new in Salesforce? Mark Hartnady 3y
- The easiest way to setup your Azure AD app Waldek Mastykarz 3y
Explore topics
- Sales
- Marketing
- IT Services
- Business Administration
- HR Management
- Engineering
- Soft Skills
- See All
