AnsweredAssumed Answered

How to handle azure AD rolling keys for oauth 2.0

Question asked by DimitriDemeer82305080 on Oct 4, 2017
Latest reply on Jun 7, 2018 by forAIM

Our organisation is planning to use Azure AD as IDP for api's we expose on the APIGW.
An application on the internet, will acquire an Azure AD oauth token, and authorize towards the API gateway using it.

 

JWS tokens are quite easy to verify on the APIGW. However i am looking for information on handling the rolling signing keys Azure AD uses:

Signing Key Rollover in Azure AD | Microsoft Docs 

Outcomes