Building Applications and Solutions with Microsoft 365 Core Services (legacy) — Question 26
You are building a custom API.
Client applications will use access tokens to authenticate to the API.
You need to validate the integrity of the tokens.
Which three elements should you verify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. the iat claim
- B. the aud claim
- C. the tid claim
- D. the JSON Web Token (JWT) signature
- E. the exp claim
Correct answer: B, C, D
Explanation
Validating the aud claim ensures that the token is intended for your API. The tid claim identifies the tenant that issued the token, which establishes the context the token belongs to. The JWT signature confirms that the token has not been tampered with. The iat claim is not essential for integrity validation, and the exp claim, while important for expiration checks, does not directly relate to the integrity of the token itself.