How to: Use the Exchange token validation library

apps for Office

Learn how to use the EWS Managed API validation library to validate an Exchange identity token.

Last modified: March 06, 2014

Applies to: Exchange Online | Exchange Server 2013 | Exchange Server 2013 SP1 | Outlook 2013 | Outlook 2013 RT | Outlook 2013 SP1 | Outlook for Mac for Office 365 | Outlook Web App | OWA for Devices

   Office.js: v1.0, v1.1

   Apps for Office manifests schema: v1.0, v1.1

You can identify the clients of your mail app by using an identity token that your app requests from a server running Exchange Server 2013. The token, formatted as a JSON Web token, provides a unique identifier for an email account on an Exchange server. The Exchange Web Services (EWS) Managed API provides helper classes to simplify the use of the identity token.

To validate an Exchange identity token, you must have the EWS Managed API authentication library and the Windows Identity Foundation (WIF), along with a DLL that extends the WIF with handlers for JSON tokens. Make sure that you download the following resources:

The EWS Managed API validation library provides the AppIdentityToken class to manage the Exchange identity tokens. The following method shows how to create an AppIdentityToken instance and call the Validate method to verify that the token is valid.

// Required to use the validation library.
using Microsoft.Exchange.WebServices.Auth.Validate;

        private AppIdentityToken CreateAndValidateIdentityToken(string rawToken, string hostUri)
                AppIdentityToken token = (AppIdentityToken)AuthToken.Parse(rawToken);
                token.Validate(new Uri(hostUri));

                return token;
            catch (TokenValidationException ex)
                throw new ApplicationException("A client identity token validation error occurred.", ex);

© 2014 Microsoft