Here's how to validate Entra ID access tokens in custom Microsoft 365 solutions


While many Microsoft 365 solutions involve both client-side and server-side components, what almost all of them have in common is the need to obtain an access token from Microsoft Entra ID to identify who the currently signed-in user is and to call your own endpoints, an existing one, or both. When you use access tokens to secure your endpoints, you should never assume a token is valid and secure. Access tokens are just like cash - whoever has them can use them, and whoever receives...