![]() ![]() Tokens that a Microsoft API receives might not always be a JWT that can be decoded.Ĭlients should use the token response data that's returned with the access token for details on what's inside it. For validation and debugging purposes only, developers can decode JWTs using a site like jwt.ms. The contents of the token are intended only for the API, which means that access tokens must be treated as opaque strings. These proprietary formats that can't be validated might be encrypted tokens, JWTs, or special JWT-like. Microsoft-developed APIs like Microsoft Graph or APIs in Azure have other proprietary token formats. The format of the access token can depend on the configuration of the API that accepts it.Ĭustom APIs registered by developers on the Microsoft identity platform can choose from two different formats of JSON Web Tokens (JWTs) called v1.0 and v2.0. Some identity providers (IDPs) use GUIDs and others use encrypted blobs. Per the OAuth specification, access tokens are opaque strings without a set format. Web APIs use access tokens to perform authentication and authorization. Access tokens enable clients to securely call protected web APIs. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |