Exam AZ-204 topic 4 question 37 discussion

To validate the Azure AD request in the app code when using Twitter as the identity provider, you should validate the ID token signature (option B). The ID token is a JSON Web Token (JWT) that contains claims about the user. It is signed by Azure AD using a private key, and the signature can be verified using the corresponding public key. Validating the ID token signature ensures that the token was issued by a trusted source and that it has not been tampered with in transit. Option A, validating the ID token header, is not sufficient for validating the entire ID token. The header only contains metadata about the token, such as the algorithm used for signing. Option C, validating the HTTP response code, is unrelated to validating the ID token. Option D, validating the tenant ID, is important for ensuring that the app is only accepting tokens from a trusted Azure AD tenant, but it does not ensure the integrity of the token itself.

Got it in exam 20/10/2022

ID Token Signature: Validating the signature ensures the token's authenticity and integrity, confirming it was issued by Azure AD and has not been tampered with.

B. ID Token Signature Explanation: The ID token signature is used to verify that the token hasn't been tampered with. It's a crucial part of a JWT, ensuring the token's integrity and authenticity. Relevance: Validating the ID token signature is a key step in ensuring that the token is indeed from the trusted identity provider (in this case, Azure AD) and has not been altered. It's essential for security.

Validating the ID token signature ensures that the token is valid and hasn't been altered.

A JWT contains three segments, a header, a body, and a signature. The signature segment can be used to validate the authenticity of the token so that it can be trusted by your application

B. ID token signature

Current answer is correct (A). You can edit the token header in order to include the source. You cannot change the signature. check it out here: jwt.io

B is the correct answer https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#validation

B. ID token signature When validating an Azure AD request in the app code, it is important to validate the ID token signature to ensure the authenticity of the token. The ID token contains information about the authenticated user, including the user's identity and any claims or permissions associated with the user. By validating the signature, you can ensure that the token has not been tampered with and that it was indeed issued by Azure AD.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#validation When your application or API receives an ID token, it must validate the signature to prove that the token is authentic.

Id token, in another words, you are validating JWT token.

Signature is for validation

B seems the correct answer

B https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#validation

I would say it's B. https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#validation

The answer is definitely b.