[baz00]

Leaving credentials and keys in memory.

[drodgers]

Also completely failing to check the scope of the request before validating it!

> Microsoft provided an API to help validate the signatures cryptographically but did not update these libraries to perform this scope validation automatically