Tags: python, jwt, single-sign-on, fastapi, azure-ad-msal

How to validate access token from AzureAD in python?


What is the recommended way to validate the access token in the backend? Is there any library that handles it?

Another team has implemented the frontend, and they send the access token in the Bearer attribute in the header.

I found https://github.com/odwyersoftware/azure-ad-verify-token but it has only 17 stars. I thought Microsoft should have support for it in MSAL (https://github.com/AzureAD/microsoft-authentication-library-for-python) but it seems not.

Any suggestions on how to implement it in a secure way? Or any good libs that handle the validation?

I have tried to write the code myself, but I ran into problems, and I am worried it's not secure and the code got messy. I also tried the above lib, but I would like to have something more popular so it's not a security risk.


Solution

  • Microsoft does not have a Python library to validate access tokens. Nevertheless, I found this official sample.

    You can check the requires_auth() function, which is used to validate the access token.
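The checks a backend has to make on such a token (signature against the tenant's published key, pinned algorithm, audience, issuer, expiry), as an added example that is not part of the original answer or of the Microsoft sample. It assumes PyJWT 2.x with the `cryptography` package and v2.0 tokens; the tenant ID, audience and all function names are placeholders, and the key and tokens are constructed locally so it runs offline.

```python
import time

import jwt  # PyJWT 2.x, installed as pyjwt[crypto] (assumed dependency)
from cryptography.hazmat.primitives.asymmetric import rsa

# Placeholders (assumptions): your tenant ID and your API's App ID URI or client ID.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
AUDIENCE = "api://example-backend"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
JWKS_URL = f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys"

def bearer_token(authorization_header):
    """Extract the token from an 'Authorization: Bearer <token>' header value."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise jwt.InvalidTokenError("missing bearer token")
    return token.strip()

def validate_access_token(token, get_key):
    # Return the verified claims or raise a jwt.InvalidTokenError subclass.
    # In production, get_key looks up the signing key by the token's kid:
    #   client = jwt.PyJWKClient(JWKS_URL)
    #   get_key = lambda t: client.get_signing_key_from_jwt(t).key
    return jwt.decode(
        token, get_key(token),
        algorithms=["RS256"],  # pinned; the token's own alg header is not trusted
        audience=AUDIENCE,     # the token must have been issued for this API
        issuer=ISSUER,         # and by this tenant
        options={"require": ["exp", "iat", "aud", "iss"]},
    )

def outcome(token, get_key):
    """Return 'ok' or the name of the validation error raised."""
    try:
        validate_access_token(token, get_key)
        return "ok"
    except jwt.InvalidTokenError as exc:
        return type(exc).__name__

# Constructed test key and tokens (not real Azure AD material).
TEST_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)

def local_key(_token):
    return TEST_KEY.public_key()

def make_token(key=TEST_KEY, alg="RS256", **overrides):
    now = int(time.time())
    claims = {"iss": ISSUER, "aud": AUDIENCE, "iat": now, "exp": now + 300, "sub": "user-1"}
    claims.update(overrides)
    return jwt.encode(claims, key, algorithm=alg, headers={"kid": "test-key"})
```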