C validating data types
Because bearer tokens do not have a built-in mechanism to prevent unauthorized parties from using them, they must be transported in a secure channel such as transport layer security (HTTPS). If a bearer token is transmitted in the clear, a man-in-the-middle attack can be used to acquire the token and gain unauthorized access to a protected resource. For more security considerations on bearer tokens, see RFC 6750 Section 5.
Many of the tokens issued by Azure AD are implemented as JSON Web Tokens, or JWTs. If necessary, even more detail can be found in the OpenID Connect specification.
Id_tokens are a form of sign-in security token that your app receives when performing authentication using OpenID Connect.
Though authentication with Azure AD is required in order to receive a bearer token, steps must still be taken to secure the token and prevent its interception by an unintended party.
Azure AD supports the OAuth 2.0 authorization protocol, which makes use of both access_tokens and refresh_tokens.
It also supports authentication and sign-in via OpenID Connect, which introduces a third type of token, the id_token.
You can use the claims in an id_token as you see fit - commonly they are used for displaying account information or making access control decisions in an app.
Id_tokens are signed, but not encrypted at this time.
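
The following is an added example, not code from the original page or from Azure AD, showing what "signed, but not encrypted" means before claims are used for access control: anyone holding the token can read the claims, but only a token that passes validation should be trusted. It assumes HMAC-SHA256 (`HS256`) with a shared key as a stand-in signature algorithm so that it runs on the Python standard library alone; the key, issuer, audience and user names are constructed sample values, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def peek_claims(token: str) -> dict:
    """Read the claims with no key at all: the payload is only base64url-encoded."""
    return json.loads(b64url_decode(token.split(".")[1]))

def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a constructed sample token for the demo (not an issuer implementation)."""
    head = b64url_encode(json.dumps({"typ": "JWT", "alg": alg}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac if alg == 'HS256' else b'')}"

def validate(token: str, key: bytes, aud: str, iss: str, now: float) -> dict:
    """Return the claims only if signature, audience, issuer and lifetime check out."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # allowlist of one; an unsigned "none" token stops here
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if claims.get("aud") != aud or claims.get("iss") != iss:
        raise ValueError("wrong audience or issuer")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("token not valid at this time")
    return claims

if __name__ == "__main__":
    KEY, NOW = b"constructed-demo-key", 1_700_000_000  # constructed sample values
    sample = {"aud": "client-id-placeholder", "iss": "https://issuer.example/",
              "nbf": NOW - 10, "exp": NOW + 3600, "upn": "user@example.com"}
    token = make_token(sample, KEY)
    print("readable without a key:", peek_claims(token)["upn"])
    print("validated claims:", validate(token, KEY, sample["aud"], sample["iss"], NOW))
```

An app that makes access control decisions should act only on the return value of `validate`, never on the output of `peek_claims`.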