3.0.7 • Published 11 months ago

@tmaguire/azure-ad-verify-token v3.0.7

License
MIT

Azure AD/Entra ID Verify Token

Verify JWTs issued by Azure Active Directory (Azure B2C), Entra ID (organisational accounts and B2B workflows), and Microsoft Account (MSA). Together these are referred to as the Microsoft Identity Platform, which forms part of Microsoft Entra.

This fork is maintained by @tmaguire; the module was originally created by @justinlettau.

Features

  • 🎉 Verify JWTs issued by the Microsoft Identity Platform (including Azure AD B2C).
  • 🚀 Automatically use the rotated public keys from Entra ID.
  • 💪 Written in TypeScript.
  • ♻️ Configurable cache for public keys.

Installation

npm install @tmaguire/azure-ad-verify-token --save

Usage

Verify

import { verify, VerifyOptions } from '@tmaguire/azure-ad-verify-token';

// Azure B2C example
const options: VerifyOptions = {
	jwksUri:
		'https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_signupsignin1/discovery/v2.0/keys',
	issuer: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/',
	audience: '99d1275c-e805-483f-b832-600f8130829c',
};

// Entra ID example
// const options: VerifyOptions = {
// 	jwksUri:
// 		'https://login.microsoftonline.com/contoso.onmicrosoft.com/discovery/v2.0/keys',
// 	issuer:
// 		'https://sts.windows.net/contoso.onmicrosoft.com/',
// 	audience: 'api://99d1275c-e805-483f-b832-600f8130829c',
// };

const token = '<raw JWT string>'; // placeholder: the bearer token received from the caller

verify(token, options)
	.then((decoded) => {
		// verified and decoded token
		console.log(decoded);
	})
	.catch((error) => {
		// invalid token
		console.error(error);
	});

Verify options

| Property | Type | Description |
| --- | --- | --- |
| jwksUri | string | jwks_uri value obtained from metadata endpoint. |
| issuer | string | issuer value obtained from metadata endpoint. |
| audience | string | Application ID of the application accessing the tenant. |

Example metadata endpoints

Common endpoints

Organisational endpoints

Replace {tenantId} with either your Tenant ID (GUID from Entra ID Portal) or one of your verified domains.

Azure B2C endpoints

Replace {tenantId} with either your Tenant ID (GUID from Entra ID Portal) or one of your verified domains, replace {tenantName} with your B2C tenant endpoint name, and replace {policyName} with the relevant policy that has issued the token you want to verify.

Configuration

import { setConfig } from '@tmaguire/azure-ad-verify-token';

setConfig({
	cacheLifetime: 12 * (60 * 60 * 1000), // 12 hours
});

Configuration options

| Property | Type | Description | Default |
| --- | --- | --- | --- |
| cacheLifetime | number | Number of milliseconds to cache public keys. | 1 hour |

Development

npm install
npm run build