You deploy an Azure App Service web app. You create an app registration for the app in Azure Active Directory (Azure AD) and Twitter.
The app must authenticate users and must use SSL for all communications. The app must use Twitter as the identity provider.
You need to validate the Azure AD request in the app code.
What should you validate?
A. ID token header
B. ID token signature
C. HTTP response code
D. Tenant ID
When validating an Azure AD request in the app code, especially when using Twitter as the identity provider, you should validate option B: ID token signature.
Claims in header are used to validate signature.
https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens
Claims in header are used to validate signature. So the correct answer should be B ID token signature