Validating guid

The Azure Active Directory (Azure AD) v2.0 endpoint emits several types of security tokens in each authentication flow.

This reference describes the format, security characteristics, and contents of each type of token.

An ID token is a form of sign-in security token that your app receives when it performs authentication by using Open ID Connect.

validating guid-87validating guid-53validating guid-65

Open ID Connect introduces a third type of token, the ID token. A bearer token is a lightweight security token that grants the bearer access to a protected resource.

The bearer is any party that can present the token.

You can use the claims in an ID token in various ways.

Typically, admins use ID tokens to display account information or to make access control decisions in an app.

The v2.0 endpoint supports the OAuth 2.0 authorization protocol, which uses access tokens and refresh tokens.

The v2.0 endpoint also supports authentication and sign-in via Open ID Connect.

Identifies the security token service (STS) that constructs and returns the token, and the Azure AD tenant in which the user was authenticated.

Your app should validate the issuer claim to ensure that the token came from the v2.0 endpoint.

For work and school accounts, the GUID is the immutable tenant ID of the organization that the user belongs to.

For personal accounts, the value is The code hash is included in ID tokens only when the ID token is issued with an OAuth 2.0 authorization code.

Note that claims in ID tokens are not returned in a specific order.

Tags: , ,