A bearer token is a lightweight security token that grants the “bearer” access to a protected resource. Azure AD supports the OAuth 2.0 and OpenID Connect standards that make extensive use of bearer tokens, including bearer tokens represented as JWTs. These protocols are discussed in more detail in the Azure Active Directory Authentication Protocols topic and in the sections below. The flow of requests and responses for the authentication process is determined by the authentication protocol in use, such as OAuth 2.0, OpenID Connect, WS-Federation, or SAML 2.0.

Azure AD uses public key cryptography to sign tokens and verify that they are valid. See Important Information About Signing Key Rollover in Azure AD for more information on the necessary logic you must have in your application to ensure it’s always updated with the latest keys. Developers can use the provided authentication libraries to handle validation of any token from Azure AD, including JSON Web Tokens (JWT) or SAML 2.0. If you want to perform validation manually, see the JWT Token Handler documentation.
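The key-rollover logic mentioned above, as an added example (not code from Azure AD or its libraries): a validator that picks the signing key by the token's `kid` header and refreshes its cached key set when it meets an unknown `kid`. The toy key, `demo_sign`, the `fetch` callable standing in for a download of the published keys, and the sample key ids are all assumptions made so the block runs offline; it covers only RS256 signature, audience and expiry checks.

```python
import base64, hashlib, json, time

P, Q, E = 2**521 - 1, 2**607 - 1, 65537   # constructed toy key (Mersenne primes), demo only
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded(msg, k):
    """EMSA-PKCS1-v1_5 encoding (RFC 8017) of msg for a k-byte modulus."""
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_ok(msg, raw, n, e):
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(raw, "big")
    return len(raw) == k and s < n and pow(s, e, n).to_bytes(k, "big") == encoded(msg, k)

def demo_sign(kid, claims, n=N, d=D):
    """Hypothetical stand-in for the token issuer, so the example runs offline."""
    head = b64e(json.dumps({"alg": "RS256", "kid": kid}).encode())
    msg = (head + "." + b64e(json.dumps(claims).encode())).encode()
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(encoded(msg, k), "big"), d, n)
    return msg.decode() + "." + b64e(sig.to_bytes(k, "big"))

class KeyCache:
    """Maps kid -> (n, e); refetches the published keys when a kid is unknown."""
    def __init__(self, fetch):
        self.fetch, self.keys, self.fetches = fetch, fetch(), 1
    def get(self, kid):
        if kid not in self.keys:      # possible rollover: cached copy may be stale
            self.keys, self.fetches = self.fetch(), self.fetches + 1
        return self.keys.get(kid)     # still None after refresh: reject the token

def validate(token, cache, audience, now=None):
    head, body, sig = token.split(".")
    header = json.loads(b64d(head))
    # Only RS256 is accepted: the token must not choose its own algorithm.
    key = cache.get(header.get("kid")) if header.get("alg") == "RS256" else None
    if key is None:
        raise ValueError("unexpected alg or unknown signing key")
    if not rs256_ok(f"{head}.{body}".encode(), b64d(sig), *key):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("aud") != audience or claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("wrong audience or expired")
    return claims
```

In a real service the refresh in `KeyCache.get` should be rate limited, since every token carrying an unknown `kid` otherwise triggers a fetch.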
This document will help you understand the various scenarios Azure AD supports and will show you how to get started. Azure Active Directory (Azure AD) simplifies authentication for developers by providing identity as a service, with support for industry-standard protocols such as OAuth 2.0 and OpenID Connect, as well as open source libraries for different platforms to help you start coding quickly.