OAuth 2.0 Access Token Validation Node.js
I have a backend API written in node.js express framework. I need to implement oAuth 2.0 (client_credentials grant type) with it. I came to know that the front-end(who is the caller of the API) is requesting the https://login.microsoftonline.com/IDENTIFIER_STRING/oauth2/token with client_id and client_secret and getting the access token in response. After that the FE will send the request to my API with Authorization header with that access token. Now my question is how can I validate that access token and grant the access to the requester? Do I have to validate it offline as a JWT with the help of some public key and some node.js library ? Or do I have to do it online via sending the access token to some endpoint of the oAuth provider similar to the token endpoint?
As the token consumer, validation is done offline, unless otherwise specified by the issuer.
You should use a JWT library, don't roll your own validation logic, it is not trivial to implement correctly.
Use MSAL for Azure ADv2 applications -
For v1, use the older ADAL -
Azure AD is OAuth 2.0 and Open ID Connect compliant. That really means you should be able to validate the JWT with 3rd party libraries as well.
- → Maximum call stack exceeded when instantiating class inside of a module
- → Browserify api: how to pass advanced option to script
- → Node.js Passing object from server.js to external modules?
- → gulp-rename makes copies, but does not replace
- → requiring RX.js in node.js
- → Remove an ObjectId from an array of objectId
- → Can not connect to Redis
- → React: How to publish page on server using React-starter-kit
- → Express - better pattern for passing data between middleware functions
- → Can't get plotly + node.js to stream data coming through POST requests
- → IsGenerator implementation
- → Async/Await not waiting
- → (Socket.io on nodejs) Updating div with mysql data stops without showing error