
Verify Signature of AAD B2C JWT tokens in JWT.io

Manually verify the signature of a JWT token in JWT.io for debugging. This is a short guide to the not-so-straightforward way of doing this for tokens issued by Azure Active Directory B2C.

Philipp Bauknecht, published in medialesson, Nov 14, 2021

When decoding tokens in JWT.io the signature is in most cases verified automatically, using the public key that can be discovered from the iss claim. Unfortunately this is not the case for AAD B2C: most libraries cannot retrieve the public key from the iss claim, because the key depends on the user flow that issued the token.

Step #1: Retrieve the public key

To retrieve the public key, get the OpenID configuration of the flow: open the flow in the Azure Portal, click “Run user flow” and then open the link that contains the URL part …/openid-configuration…

The configuration is a JSON response with a jwks_uri property:

Opening this URL returns an array of public key entries (the JWK set) for that user flow, which are used to validate its tokens.

Step #2: Format public key information

To validate a token we need to compose a JSON object from the e, kty and n properties of the public key entry, e.g.

Step #3: Validate Token

With this JSON it is now possible to validate a token's signature in JWT.io by pasting it as a string into the public key input field:
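The three steps above, as an added example that is not code from the original post: pick the JWK whose kid the token header names (step 2), keep only kty, n and e, and do what JWT.io does with that JSON (step 3), an RS256 verification using only the Python standard library. The JWK set, the kid "demo-kid" and the toy RSA key built from two Mersenne primes are constructed here so the script runs offline; a real B2C jwks_uri response takes the place of JWKS.

```python
import base64, hashlib, hmac, json
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def jwk_from_jwks(jwks: dict, kid: str) -> dict:
    """Step 2: pick the entry whose kid the token header names, keep kty/n/e."""
    for key in jwks["keys"]:
        if key.get("kid") == kid:
            return {"kty": key["kty"], "n": key["n"], "e": key["e"]}
    raise KeyError(f"no key with kid={kid!r} in the JWK set")

def verify_rs256(token: str, jwk: dict) -> bool:
    """Step 3: RS256 is RSASSA-PKCS1-v1_5 with SHA-256 over 'header.payload'."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "RS256" or jwk["kty"] != "RSA":
        return False                      # never let the token choose another alg
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(b64url_decode(sig_b64), "big")
    if sig >= n:
        return False
    em = pow(sig, e, n).to_bytes(k, "big")   # RSAVP1 recovers the encoded message
    t = SHA256_DIGESTINFO + hashlib.sha256(f"{header_b64}.{payload_b64}".encode()).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(em, expected)

# Constructed fixture: a toy RSA key from two Mersenne primes so the demo runs
# offline. It is trivially factorable and only stands in for a B2C signing key.
_P, _Q = (1 << 521) - 1, (1 << 607) - 1
N, E = _P * _Q, 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))
_K = (N.bit_length() + 7) // 8
JWKS = {"keys": [{"kid": "demo-kid", "kty": "RSA",
                  "n": b64url_encode(N.to_bytes(_K, "big")),
                  "e": b64url_encode(E.to_bytes(3, "big"))}]}

def sign_rs256(payload: dict, kid: str = "demo-kid") -> str:
    """Issue a demo token with the toy key (what the user flow does server side)."""
    h = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    p = b64url_encode(json.dumps(payload).encode())
    t = SHA256_DIGESTINFO + hashlib.sha256(f"{h}.{p}".encode()).digest()
    em = b"\x00\x01" + b"\xff" * (_K - len(t) - 3) + b"\x00" + t
    return f"{h}.{p}." + b64url_encode(pow(int.from_bytes(em, "big"), _D, N).to_bytes(_K, "big"))
```

The JSON returned by jwk_from_jwks is exactly what gets pasted into the JWT.io public key field; a token whose payload was altered, or whose header names a different alg, fails verify_rs256.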

Hope this saves some time for you when playing around with AAD B2C!
