articles/active-directory-b2c/openid-connect.md
4 additions & 4 deletions
@@ -24,7 +24,7 @@ ms.custom: fasttrack-edit
24
24
OpenID Connect is an authentication protocol, built on top of OAuth 2.0, that can be used to securely sign users in to web applications. By using the Azure Active Directory B2C (Azure AD B2C) implementation of OpenID Connect, you can outsource sign-up, sign in, and other identity management experiences in your web applications to Microsoft Entra ID. This guide shows you how to do so in a language-independent manner. It describes how to send and receive HTTP messages without using any of our open-source libraries.
25
25
26
26
> [!NOTE]
27
-
> Most of the open-source authentication libraries acquire and validate the JWT tokens for your application. We recommend exploring those options, rather than implementing your own code. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](../active-directory/develop/msal-overview.md), and [Microsoft Identity Web authentication library](../active-directory/develop/microsoft-identity-web.md).
27
+
> Most of the open-source authentication libraries acquire and validate the JWTs for your application. We recommend exploring those options, rather than implementing your own code. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](../active-directory/develop/msal-overview.md), and [Microsoft Identity Web authentication library](../active-directory/develop/microsoft-identity-web.md).
28
28
29
29
[OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) extends the OAuth 2.0 *authorization* protocol for use as an *authentication* protocol. This authentication protocol allows you to perform single sign-on. It introduces the concept of an *ID token*, which allows the client to verify the identity of the user and obtain basic profile information about the user.
30
30
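Review bot: The rewritten note on line 27 still puts a comma before "and [Microsoft Identity Web authentication library]", which joins only two links; drop the comma while this sentence is being touched. The unchanged paragraph on line 24 also mixes "sign-up" with "sign in" in the same list, which fits the scope of a terminology cleanup like this one.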
@@ -110,7 +110,7 @@ error=access_denied
110
110
Just receiving an ID token isn't enough to authenticate the user. Validate the ID token's signature and verify the claims in the token per your application's requirements. Azure AD B2C uses [JSON Web Tokens (JWTs)](https://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) and public key cryptography to sign tokens and verify that they're valid.
111
111
112
112
> [!NOTE]
113
-
> Most of the open-source authentication libraries validate the JWT tokens for your application. We recommend exploring those options, rather than implementing your own validation logic. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](../active-directory/develop/msal-overview.md), and [Microsoft Identity Web authentication library](../active-directory/develop/microsoft-identity-web.md).
113
+
> Most of the open-source authentication libraries validate the JWTs for your application. We recommend exploring those options, rather than implementing your own validation logic. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](../active-directory/develop/msal-overview.md), and [Microsoft Identity Web authentication library](../active-directory/develop/microsoft-identity-web.md).
114
114
115
115
Azure AD B2C has an OpenID Connect metadata endpoint, which allows an application to get information about Azure AD B2C at runtime. This information includes endpoints, token contents, and token signing keys. There's a JSON metadata document for each user flow in your B2C tenant. For example, the metadata document for the `b2c_1_sign_in` user flow in `fabrikamb2c.onmicrosoft.com` is located at:
116
116
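Review bot: The context paragraph on line 110 links "JSON Web Tokens (JWTs)" to a draft document (draft-ietf-oauth-json-web-token), while JWT is published as RFC 7519; since this change is about JWT terminology, consider pointing the link at the RFC in the same pass. The note on line 113 is otherwise a near copy of the one on line 27, so any wording fix made there should be mirrored here.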
@@ -193,7 +193,7 @@ A successful token response looks like:
193
193
| --------- | ----------- |
194
194
| not_before | The epoch time at which the token becomes valid. |
195
195
| token_type | The token type value. `Bearer` is the only type that is supported. |
196
-
| access_token | The signed JWT token that you requested. |
196
+
| access_token | The signed JWT that you requested. |
197
197
| scope | The valid scopes for the token. |
198
198
| expires_in | The length of time that the access token is valid (in seconds). |
199
199
| expires_on | The epoch time when the access token becomes invalid. |
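Review bot: The rows around the changed line 196 describe `not_before` and `expires_on` as "the epoch time" without a unit, while `expires_in` on line 198 states seconds explicitly. Someone implementing token lifetime checks by hand from this table needs the unit, so consider saying "in seconds" for the epoch fields too.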
@@ -270,7 +270,7 @@ A successful token response looks like:
270
270
| --------- | ----------- |
271
271
| not_before | The epoch time at which the token becomes valid. |
272
272
| token_type | The token type value. `Bearer` is the only type that is supported. |
273
-
| access_token | The signed JWT token that was requested. |
273
+
| access_token | The signed JWT that was requested. |
274
274
| scope | The valid scopes for the token. |
275
275
| expires_in | The length of time that the access token is valid (in seconds). |
276
276
| refresh_token | An OAuth 2.0 refresh token. The application can use this token to acquire additional tokens after the current token expires. Refresh tokens can be used to retain access to resources for extended periods of time. |
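Review bot: Line 273 now reads "The signed JWT that was requested." while the same row in the earlier table (line 196) reads "The signed JWT that you requested." The two tables describe the same `access_token` field, so use one wording in both places.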