Authentication Tokens Are Not a Data Contract
Authentication tokens exist to answer one question: is this caller authorized to do this? They are not intended to be a stable data interface, a schema you can depend on, or an input into application logic. If your application decodes tokens and reads claims from them, this is an important heads-up. Token Claims Were Never […]
The post Authentication Tokens Are Not a Data Contract appeared first on Azure DevOps Blog.
Published on:
Learn more