Forum Discussion

SadPython's avatar
SadPython
Copper Contributor
Jul 19, 2024

Validate authToken from Teams-js

I'm getting an auth token from the authentication module in the `microsoft/teams-js` library. Since I want to use the `preferred_username` to link users to existing accounts in my app, I need to validate that the auth token is legit. I'd like to validate against a public key that the JWT token has not been tampered with in my server code before I link users. How can I do this? My app is a django app on the backend.

developer
microsoft teams

1 Reply

Sort By
  • Dinesh-MSFT's avatar
    Dinesh-MSFT
    Former Employee
    Jul 22, 2024

    Hi SadPython - Thanks for raising the query.
    We will look into it and let you know the updates.

    Update: To validate the auth token in your Django backend, you can use a library like pyjwt or python-jose to decode and verify the JWT token against the public key provided by Microsoft. Here's a sample code snippet:

    from jose import jwt

# Replace 'your_public_key' with the actual public key
TOKEN = 'the_auth_token'
PUBLIC_KEY = 'your_public_key'

# Decode and validate the token
decoded_token = jwt.decode(TOKEN, PUBLIC_KEY, algorithms=['RS256'])
preferred_username = decoded_token.get('preferred_username')

# Now you can link the user with the preferred_username

    Please ensure that the public key you use corresponds to the one used by Microsoft to sign the tokens. If you encounter any issues or have further questions, please provide the error messages or specific challenges you're facing.

Resources