我是 passport-azure-ad 。要回答您的问题，是的，它将为您验证令牌。它使用对代码中jwtVerify的调用来完成此操作。 Y 您可以看到从此处开始的地方。它将使用在您的配置中的元数据终结点处找到的密钥对令牌进行解密。

I'm the maintainer for passport-azure-ad. To answer your question, yes it will validate the token for you. It does this using the call to the jwtVerify in the code. You can see where this starts here. It will decrypt the token using the keys that are found at the metadata endpoint which is in your configuration.

如果验证不成功，您将从代码中得到一个错误，如下所示：您将在上方看到并在此处引用：

If the validation is unsuccessful you will get an error from the code as you'll see above and referenced here:

jwt.verify(token, PEMkey, options, function(err, token) {
            if (err) {
                if (err instanceof jwt.TokenExpiredError) {
                    log.warn("Access token expired");
                    done(null, false, 'The access token expired');
                } else if (err instanceof jwt.JsonWebTokenError) {
                    log.warn("An error was received validating the token", err.message);
                    done(null, false, util.format('Invalid token (%s)', err.message));
                } else {
                    done(err, false);
                }

让我知道这是否有帮助，如果有，请标记为回答。谢谢！

Let me know if this helps and if so mark answered. Thanks!