What is 3rd part in id_token decoded response?

I decoded the `id_token` response which is received in auth token request (https://appleid.apple.com/auth/token). There are 3 parts of it. First is JWtHeader, JWTBody and 3rd part which are splitted by ".". I want to know relevance of 3rd part and what is it used for?

Up vote post of piyushs28 Down vote post of piyushs28
1.1k views
Posted by
piyushs28
Reply
Add a Comment

Replies

The third part is the signature, which is an encrypted hash of header + body, which is encrypted using Apple's private key.
The signature is used to verify that the id_token indeed comes from Apple, not maliciously crafted by the end user or attacker.
You can verify the signature using the Apple's public key : https://appleid.apple.com/auth/keys

Posted by
soulchild
Up vote reply of soulchild Down vote reply of soulchild
Add a Comment