• As a developer of a protected web API accepting v2 tokens, I can require my clients to acquire encrypted tokens to call my web API
  • Why would a web API developer want their web API to receive encrypted tokens?
  • TokenDecryption Certificates
  • How to do it
  • Generate the certificate
  • Use Azure Key Vault
  • Use PowerShell
  • In the Azure AD Portal
  • Back in your web API
  • Helping with certificate rotation
  • More information on Token Decryption Certificates with Microsoft Identity Web
  • Usages of the certificate
  • Additional information