Finally, compute a unique identifier for the user by concatenating the user's Exchange ID with the URL of the authentication metadata document. Next, retrieve the authentication metadata document from the Exchange server and validate the signature attached to the identity token. Second, make sure that the token is well-formed, that it is for your Outlook add-in, that it has not expired, and that you can extract a valid URL for the authentication metadata document. First, extract the JSON Web Token (JWT) from a base64 URL-encoded string. We suggest that you use a four-step process to validate the identity token and obtain the user's unique identifier.
The steps required to validate a JWT are described in RFC 7519 JSON Web Token (JWT). Exchange user identity tokens are JSON Web Tokens (JWT).
Your Outlook add-in can send you an Exchange user identity token, but before you trust the request you must validate the token to ensure that it came from the Exchange server that you expect.
0 kommentar(er)
