5 MONTHS AGO • 1 MIN READ

Here's how to validate Entra ID access tokens in custom Microsoft 365 solutions

While many Microsoft 365 solutions involve both client-side and server-side solutions, what almost all of them have in common is the need to obtain an access token from Microsoft Entra ID to either identify who the currently signed-in user is and to call either (or both) your endpoints or an existing one. When you use access tokens to secure your endpoints, you should never assume it’s valid and secure. Access tokens are just like cash - whoever has them can use them, and whoever receives...

profile

The Full Stack Dev's Microsoft 365 Playbook

Andrew, a 20-year recipient of Microsoft's MVP award, scours Microsoft & community resources every week so YOU DON'T HAVE TO. Save time & stay informed - get the Microsoft 365 developers need + my insights and guidance on a trending topic. Subscribe to my bi-weekly newsletter & join 9,000+ fellow M365 developers! No clickbait · 100% free · unsubscribe anytime.