Azure AD B2C Verify JWT with PHP

Question

Azure AD B2C Verify JWT with PHP

Warning: I am a complete JWT newb and am trying to understand everything.

First ... I get it: JWT contains three segments separated by a character .

. The first part can be base64 decoded to get "something" where I can check the claims in the second (and third?) Segment.

I can id_token

go back and can strip each segment down to its corresponding JSON object ... but that's not safe at all :)

I looked at this https://github.com/firebase/php-jwt but I'm not sure what key I need to decode the JWT (I know that I can decode the first segment and get kid

used for JWT, but when u I have this particular object key

... I'm not sure what to pass firebase to decode it? https://login.microsoftonline.com/fabrikamb2c.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_sign_in

Please excuse my horrible understanding of JWT: /

EDIT: More information

Using this TOKEN ID: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IklkVG9rZW5TaWduaW5nS2V5Q29udGFpbmVyIn0. eyJleHAiOjE0NDIzNjAwMzQsIm5iZiI6MTQ0MjM1NjQzNCwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9s b2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzc3NTUyN2ZmLTlhMzctNDMwNy04YjNkLWNjMzExZjU4ZDkyNS92 Mi4wLyIsImFjciI6ImIyY18xX3NpZ25faW5fc3RvY2siLCJzdWIiOiJOb3Qgc3VwcG9ydGVkIGN1cnJlbnRs eS4gVXNlIG9pZCBjbGFpbS4iLCJhdWQiOiI5MGMwZmU2My1iY2YyLTQ0ZDUtOGZiNy1iOGJiYzBiMjlkYzYi LCJpYXQiOjE0NDIzNTY0MzQsImF1dGhfdGltZSI6MTQ0MjM1NjQzNCwiaWRwIjoiZmFjZWJvb2suY29tIn0. h-uiKcrT882pSKUtWCpj-_3b3vPs3bOWsESAhPMrL-iIIacKc6_uZrWxaWvIYkLra5czBcGKWrYwrAC8ZvQe DJWZ50WXQrZYODEW1OUwzaD_I1f1HE0c2uvaWdGXBpDEVdsD3ExKaFlKGjFR2V7F-fPThkVDdKmkUDQX3bVc yyj2V2nlCQ9jd7aGnokTPfLfpOjuIrTsAdPcGpe5hfSEuwYDmqOJjGs9Jp1f-eSNEiCDQOaTBSvr479L5ptP XWeQZyX2SypN05Rjr05bjZh3j70ZUimiocfJzjibeoDCaQTz907yAg91WYuFOrQxb-5BaUoR7K-O7vxr2M-_ CQhoFA

I can decode the header segment eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IklkVG9rZW5TaWduaW5nS2V5Q29udGFpbmVyIn0

to{"typ":"JWT","alg":"RS256","kid":"IdTokenSigningKeyContainer"}

then take a look at https://login.microsoftonline.com/fabrikamb2c.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_sign_in

I know this key object has been used

{"kid":"IdTokenSigningKeyContainer","use":"sig","kty":"RSA","e":"AQAB","n":"tLDZVZ2Eq_DFwNp24yeSq_Ha0MYbYOJs_WXIgVxQGabu5cZ9561OUtYWdB6xXXZLaZxFG02P5U2rC_CT1r0lPfC_KHYrviJ5Y_Ekif7iFV_1omLAiRksQziwA1i-hND32N5kxwEGNmZViVjWMBZ43wbIdWss4IMhrJy1WNQ07Fqp1Ee6o7QM1hTBve7bbkJkUAfjtC7mwIWqZdWoYIWBTZRXvhMgs_Aeb_pnDekosqDoWQ5aMklk3NvaaBBESqlRAJZUUf5WDFoJh7yRELOFF4lWJxtArTEiQPWVTX6PCs0klVPU6SRQqrtc4kKLCp1AC5EJqPYRGiEJpSz2nUhmAQ"}

So ... what is the value for the key I would pass to firebase?

+3

php oauth-2.0 jwt azure-ad-b2c

Ray Apr 27. 17 at 20:53

source to share

1 answer

Ray · Accepted Answer · 2017-05-02T02:40:28+0000

Just in case someone wants to get up and run fast and / or get confused like I was; can i recommend @astaykov link given in the question comment

https://github.com/Azure-Samples/active-directory-b2c-php-webapp-openidconnect

Along with a simple class I created to provide authorization code (handles getting SSO address, OAuth2 token and id_token validation using external libraries)

https://gist.github.com/rcosgrave/ec92938181096fd8847a38c9cc6a37d0

Azure AD B2C Verify JWT with PHP

More articles: