fix(azuread): turn on signature verification on JWT

There is no known reason for this to be turned off. In case this breaks
some workflows, these should be fixed and not generally disabling the
verification.

Author: nijel

social_core/backends/azuread.py

@@ -105,7 +105,7 @@ def user_data(self, access_token, *args, **kwargs):
             id_token = access_token
 
         try:
-            decoded_id_token = jwt.decode(id_token, options={"verify_signature": False})
+            decoded_id_token = jwt.decode(id_token)
         except (jwt.DecodeError, jwt.ExpiredSignatureError) as de:
             raise AuthTokenError(self, de)
         return decoded_id_token