
This article discusses what you need to know about the public keys that are used by the Microsoft identity platform to sign security tokens. It is important to note that these keys roll over on a periodic basis and, in an emergency, could be rolled over immediately. All applications that use the Microsoft identity platform should be able to programmatically handle the key rollover process. Continue reading to understand how the keys work, how to assess the impact of the rollover on your application, and how to update your application or establish a periodic manual rollover process to handle key rollover if necessary.

Overview of signing keys in the Microsoft identity platform

The Microsoft identity platform uses public-key cryptography built on industry standards to establish trust between itself and the applications that use it. In practical terms, this works in the following way: the Microsoft identity platform uses a signing key that consists of a public and private key pair. When a user signs in to an application that uses the Microsoft identity platform for authentication, the Microsoft identity platform creates a security token that contains information about the user. This token is signed by the Microsoft identity platform using its private key before it is sent back to the application. To verify that the token is valid and originated from the Microsoft identity platform, the application must validate the token's signature using the public keys exposed by the Microsoft identity platform, which are contained in the tenant's OpenID Connect discovery document or SAML/WS-Fed federation metadata document. For security purposes, the Microsoft identity platform's signing key rolls on a periodic basis and, in the case of an emergency, could be rolled over immediately.
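An added example, not code from the original article or from Microsoft, of the rollover handling the article asks applications to implement: a key cache indexed by the token header's kid that re-fetches the key set when an unknown kid appears, with a throttle so a stream of bogus kids cannot hammer the metadata endpoint. The key sets, kid values and token are constructed placeholders, and the fetcher and clock are injected so the block runs offline; the actual RS256 signature check against the selected key is left to the application's JWT library.

```python
import base64
import json
import time
from typing import Callable, Dict, Optional

# Constructed key sets standing in for what the jwks_uri listed in the OpenID Connect
# discovery document returns; real entries carry RSA moduli, the "n" values are placeholders.
JWKS_BEFORE_ROLLOVER = {"keys": [{"kid": "key-A", "kty": "RSA", "e": "AQAB", "n": "placeholder-A"}]}
JWKS_AFTER_ROLLOVER = {"keys": JWKS_BEFORE_ROLLOVER["keys"]
                       + [{"kid": "key-B", "kty": "RSA", "e": "AQAB", "n": "placeholder-B"}]}

def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_kid(token: str) -> str:
    """Read 'kid' from the unverified JWT header. It only selects a candidate key;
    nothing in the header is trusted until the signature verifies with that key."""
    return json.loads(b64url_decode(token.split(".")[0]))["kid"]

def constructed_token(kid: str) -> str:
    """Constructed token with the given kid and dummy payload/signature segments."""
    header = json.dumps({"alg": "RS256", "kid": kid}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30.sig"

class SigningKeyCache:
    """Caches the keys from jwks_uri and re-fetches them when a token names an unknown
    kid, which is exactly what happens right after a signing key rollover."""

    def __init__(self, fetch_jwks: Callable[[], dict], min_refresh_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch, self._min_refresh, self._clock = fetch_jwks, min_refresh_seconds, clock
        self._keys: Dict[str, dict] = {}
        self._last_refresh: Optional[float] = None
        self.refresh_count = 0  # exposed so callers can monitor metadata fetches

    def _refresh(self) -> None:
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
        self._last_refresh = self._clock()
        self.refresh_count += 1

    def key_for(self, kid: str) -> Optional[dict]:
        """Return the key for kid, or None (reject the token). A miss triggers at most one
        re-fetch per min_refresh_seconds, so a flood of tokens with bogus kids cannot turn
        the cache into a request amplifier against the metadata endpoint."""
        if self._last_refresh is None:
            self._refresh()
        elif kid not in self._keys and self._clock() - self._last_refresh >= self._min_refresh:
            self._refresh()
        return self._keys.get(kid)
```

Note that the old key stays valid after the rollover here, which matches the practice of publishing both keys in the metadata during the transition; a token for the new key that arrives inside the throttle window is rejected rather than served with a stale key, so size the window against your own token volume.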
