Methods for validating requirements
The steps required to validate the token are described in the JSON Web Token (JWT) Internet Draft. We suggest that you use a four-step process to validate the identity token and obtain the user's unique identifier.
The amount of documentation needed depends on the specific risks present, particularly when projects are implemented by outsourcing partners or distributed teams, or when access to stakeholders is limited or sporadic.
First, extract the JSON Web Token (JWT) from a base64 URL-encoded string.
Second, make sure that the token is well-formed, that it is for your Outlook add-in, that it has not expired, and that you can extract a valid URL for the authentication metadata document.
Your Outlook add-in can send you an identity token, but before you trust the request you must validate the token to ensure that it came from the Exchange server that you expect.
The examples in this article show you how to validate the Exchange identity token using a validation object written in C#; however, you can use any programming language to do the validation.
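The first two steps listed above (decoding the token, then checking form, audience, lifetime and metadata URL) can be sketched in Python; this is an added example, not the article's C# validation object. The claim names `aud`, `nbf`, `exp` and `appctx`/`amurl`, the `RS256` algorithm, the function names and the sample hosts are assumptions that do not appear on this page, and the signature is not verified here.

```python
import base64, json, time
from urllib.parse import urlsplit

def b64url_decode(segment):
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_identity_token(raw, addin_url, trusted_hosts, now=None):
    """Steps one and two only; the signature is NOT verified here."""
    now = time.time() if now is None else now
    parts = raw.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected three non-empty dot-separated segments")
    # Decoding and JSON errors are all ValueError subclasses.
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("header and payload must be JSON objects")
    if header.get("alg") != "RS256":  # assumed algorithm; also rejects "none"
        raise ValueError("unexpected signing algorithm")
    if claims.get("aud") != addin_url:
        raise ValueError("token was not issued for this add-in")
    try:
        nbf, exp = int(claims["nbf"]), int(claims["exp"])
        appctx = claims["appctx"]  # assumed claim carrying the metadata URL
        if isinstance(appctx, str):
            appctx = json.loads(appctx)
        amurl = urlsplit(appctx["amurl"])
    except (KeyError, TypeError, AttributeError) as err:
        raise ValueError("missing or malformed claim") from err
    if not nbf <= now < exp:
        raise ValueError("token is expired or not yet valid")
    # Only fetch metadata over HTTPS from a host you already expect.
    if amurl.scheme != "https" or amurl.hostname not in trusted_hosts:
        raise ValueError("metadata URL is not on an expected Exchange host")
    return {"amurl": amurl.geturl(), "exp": exp}

def make_sample(exp, host="mail.example.test"):
    # Constructed, unsigned sample token for demonstration only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    appctx = json.dumps({"amurl": f"https://{host}/autodiscover/metadata/json/1"})
    claims = {"aud": "https://addin.example.test/app.html", "nbf": 1000,
              "exp": exp, "appctx": appctx}
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    print(check_identity_token(make_sample(2000), "https://addin.example.test/app.html",
                               {"mail.example.test"}, now=1500))
```

A token that passes these checks is still untrusted until its signature has been verified.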