[JWT] Oauth Token Signature Validation with nonce in header
Forge asset by João Almeida

Hi,

when validating the signature of a token from e.g. Azure AD, the header can contain a nonce value. If that is present, the current validation of the token fails. After doing some research I found out that the nonce value has to be removed from the token header and replaced with a SHA256 hashed equivalent.

I modified the JWT_Core extension with the following code

This code snippet then results in a successful validation of the signature.

Would be awesome if you could add it to the component.

Best

Stefan
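Added example (not Stefan's snippet, which the post does not show, and not the JWT_Core extension's own code): a Python stand-in that rebuilds the header with the hashed nonce before checking the signature, next to the naive check that fails on such a token. It assumes the signed header carries base64url(SHA-256(nonce)) in place of the raw nonce, serialised compactly in the original key order, and uses HS256 with a constructed key so it runs offline; Azure AD tokens are RS256 and would be checked against the issuer's JWKS public key instead.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def compact_json(obj: dict) -> bytes:
    # Assumes the issuer serialised the header compactly, keys in the order received
    return json.dumps(obj, separators=(",", ":")).encode()

def hashed_nonce(nonce: str) -> str:
    # Assumption: the signed header carries base64url(SHA-256(nonce)) instead of the raw nonce
    return b64url(hashlib.sha256(nonce.encode()).digest())

def issue_token_with_nonce(claims: dict, key: bytes, nonce: str) -> str:
    # Constructed stand-in for the issuer: signs over the hashed-nonce header but emits the raw nonce
    header = {"alg": "HS256", "typ": "JWT", "nonce": nonce}
    payload_b64 = b64url(compact_json(claims))
    signed_header_b64 = b64url(compact_json(dict(header, nonce=hashed_nonce(nonce))))
    sig = hmac.new(key, f"{signed_header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{b64url(compact_json(header))}.{payload_b64}.{b64url(sig)}"

def verify_hs256_naive(token: str, key: bytes) -> bool:
    # Verifies over the header exactly as presented: fails whenever a nonce header is present
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))

def verify_hs256(token: str, key: bytes) -> bool:
    # Rebuilds the header with the hashed nonce before checking the signature
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if "nonce" in header:
        header_b64 = b64url(compact_json(dict(header, nonce=hashed_nonce(header["nonce"]))))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))

# Constructed demo values; a real Azure AD token is RS256 and is verified with the JWKS public key
DEMO_KEY = b"constructed-demo-key"
DEMO_TOKEN = issue_token_with_nonce({"sub": "alice", "aud": "api://example"}, DEMO_KEY, "nonce-123")
```

A token carrying this header is typically an access token issued for Microsoft Graph, which Microsoft states is meant to be validated only by Graph itself, so an API should still accept only tokens whose audience is its own.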

João Almeida
Champion
Solution

Hi Stefan! Thanks for your input, we'll include this in our code and testing!

Alex Greber

Hi João!

It seems that this is not resolved in the newest version? Therefore it's not possible to validate Entra ID V2.0 tokens.

Is it planned that you include this code in a future release?

Regards Alex

Markus_

Hi João! 

Is there any news regarding the implementation or a date when this will be implemented?

Regards Markus
