Clients shouldn't peek inside access tokens

added by DotNetKicks
4/23/2018 2:51:14 PM

I am having a Twitter thread about why the Microsoft Graph - and only the Microsoft Graph - should be the one validating access tokens obtained by a client for calling the Microsoft Graph. However, I am failing to explain that effectively in 240 chars quanta, so here I am - breaking a ~7 months blogging hiatus...