Commit 23bf58d

Merge pull request #87582 from hpsin/patch-47
Add don't look at ATs to the integration list.
2 parents a272232 + d69b028 commit 23bf58d

1 file changed

+1
-0
lines changed

articles/active-directory/develop/identity-platform-integration-checklist.md

Lines changed: 1 addition & 0 deletions
@@ -75,6 +75,7 @@ Use the following checklist to ensure that your application is effectively integ
7575
| ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | For mobile apps, configure each platform using the application registration experience. In order for your application to take advantage of the Microsoft Authenticator or Microsoft Company Portal for single sign-in, your app needs a “broker redirect URI” configured. This allows Microsoft to return control to your application after authentication. When configuring each platform, the app registration experience will guide you through the process. Use the quickstart to download a working example. On iOS, use brokers and system webview whenever possible.|
7676
| ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | In web apps or web APIs, keep one token cache per account. For web apps, the token cache should be keyed by the account ID. For web APIs, the account should be keyed by the hash of the token used to call the API. MSAL.NET provides custom token cache serialization in the .NET Framework and .NET Core subplatforms. For security and performance reasons, our recommendation is to serialize one cache per user. For more information, read about [token cache serialization](msal-net-token-cache-serialization.md#token-cache-for-a-web-app-confidential-client-application).|
7777
| ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | If the data your app requires is available through [Microsoft Graph](https://developer.microsoft.com/graph), request permissions for this data using the Microsoft Graph endpoint rather than the individual API. |
78+
| ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) |Don't look at the access token value, or attempt to parse it as a client. They can change values, formats, or even become encrypted without warning - always use the id_token if your client needs to learn something about the user, or call Microsoft Graph. Only web APIs should parse access tokens (since they are the ones defining the format and setting the encryption keys). |
7879

7980
## End-user experience
8081
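
Review bot: In the added row (new line 78), "Don't look at the access token value" is vaguer than the rule the rest of the sentence states, and "They can change values" has no plural antecedent. Consider opening with "Don't inspect or parse access tokens in client code. Their values and formats can change, or they can become encrypted, without warning." The parenthetical "Only web APIs should parse access tokens" would be more precise if it named the web API the token is intended for, since that is the party the row says defines the format and sets the encryption keys. On style: the cell lacks the space after the `|` that the neighbouring rows have, `id_token` should be formatted as code or written as "ID token", and unlike the rows above, which link to token cache serialization and Microsoft Graph, this row gives the reader no link for the ID token or Microsoft Graph alternative it recommends.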
