JWT

The other day I was trying to troubleshoot an issue where I needed to know what the content of an ID token coming from AAD was for a mobile application. The application was setup to use code flow with PKCE and using fiddler to troubleshoot this didn’t work since AAD is protected with SSL pinning so trying to have fiddler be the man in the middle didn’t work out. It helped me figuring out what request was sent to the server but not the content of the response.

Wow that’s the longest blogpost title I have ever used. Hopefully this will help finding this page if you are searching for a solution I am describing here. One of our customers came to us with a question how to integrate our B2C product with Realm Cloud. I had looked at this product before but didn’t know what technically was possible for integration with B2C. The request was to use B2C tokens with the custom JWT Authentication Realm cloud supports.