Just finished integrating Azure Active Directory OAuth2 with a Python Web API using the following authentication scenario.
The JWT token is requested through a web application and passed to the Web API for resource access. The Web API can't simply trust the token; it needs to verify that the issued token is valid.
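As an added illustration (not code from the original post), this is what that verification amounts to for an RS256 token checked against a JWK set, using only the Python standard library. The function names, the `demo-1` key id and the demo key built from two well-known public primes are assumptions constructed for the example, so it runs offline.

```python
import base64, hashlib, json

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded_message(data, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, jwks):
    """Return the payload dict if the signature verifies, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_decode(h64))
    except ValueError:  # wrong segment count or undecodable header
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never follow the header
    jwk = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if jwk is None or jwk.get("kty") != "RSA":
        raise ValueError("no matching RSA key")
    n = int.from_bytes(b64u_decode(jwk["n"]), "big")  # modulus from the JWK
    e = int.from_bytes(b64u_decode(jwk["e"]), "big")  # public exponent
    k = (n.bit_length() + 7) // 8
    sig = b64u_decode(s64)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("bad signature")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if recovered != encoded_message(f"{h64}.{p64}".encode(), k):
        raise ValueError("bad signature")
    return json.loads(b64u_decode(p64))

# Constructed demo key from two public primes: NOT secret, for this example only.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
DEMO_JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1",
    "n": b64u_encode(N.to_bytes(64, "big")), "e": b64u_encode(E.to_bytes(3, "big"))}]}

def demo_token(claims, kid="demo-1", alg="RS256"):
    head = b64u_encode(json.dumps({"alg": alg, "kid": kid}).encode())
    body = b64u_encode(json.dumps(claims).encode())
    em = int.from_bytes(encoded_message(f"{head}.{body}".encode(), 64), "big")
    return f"{head}.{body}." + b64u_encode(pow(em, D, N).to_bytes(64, "big"))
```

This checks the signature only; a Web API would also validate claims such as `exp`, `aud` and `iss` before trusting the payload.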
Azure AD OAuth2 uses the JSON Web Key (JWK) standard to represent the certificates needed to validate an RS256 (RSA) based JWT token. If you don’t