Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Bearer error="invalid_token", error_description="The signature is invalid"

Tags:

.net-core

asp.net-core-webapi

azure-active-directory

asp.net-core-2.0

I have a angular application that request a token from azure. The login went well and I get a token. This token is now send from the angular app to a net core webapi application. Net core should verify this token but failed. I think the webapi should also contact azure to validate the token because it has no knowledge of the private and public key that is needed to verify the token.

At the moment it is not clear why it is failing. Both angular app and the webapi are running local on my computer.

The error is: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: 'IDX10500: Signature validation failed. No security keys were provided to validate the signature.'

my net core 2 config is:

var tokenValidationParameters = new TokenValidationParameters
            {

                RequireExpirationTime = true,
                RequireSignedTokens = false,
                ValidateIssuerSigningKey = true,
                ValidateIssuer = true,
                ValidIssuer = "8d708afe-2966-40b7-918c-a39551625958",
                ValidateAudience = true,
                ValidAudience = "https://sts.windows.net/a1d50521-9687-4e4d-a76d-ddd53ab0c668/",
                ValidateLifetime = false,
                ClockSkew = TimeSpan.Zero
            };
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;

            }).AddJwtBearer(options =>
            {

                options.Audience = "8d708afe-2966-40b7-918c-a39551625958";
                options.ClaimsIssuer = "https://sts.windows.net/a1d50521-9687-4e4d-a76d-ddd53ab0c668/";
                options.RequireHttpsMetadata=false;
                options.TokenValidationParameters = tokenValidationParameters;
                options.SaveToken = true;
            });
like image 706
Thom Kiesewetter Avatar asked Feb 23 '18 09:02

Thom Kiesewetter

1 Answers

That is quite a lot of configuration you have :)

The two mandatory settings are the Audience and Authority:

services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        o.Audience = "8d708afe-2966-40b7-918c-a39551625958";
        o.Authority = "https://login.microsoftonline.com/a1d50521-9687-4e4d-a76d-ddd53ab0c668/";
    });

You are missing the Authority so it does not know where to load the signing public keys from.

like image 137
juunas Avatar answered Sep 20 '22 11:09

juunas
Sign in to Comment

Related questions

No executable found matching command "dotnet-tool"
Injecting Single Instance HttpClient with specific HttpMessageHandler
Passing method to component
How to unit test ActionFilterAttribute
Can't find Image class in System.Drawing under .NET Core 2.2
Example of how to use String.Create in .NET Core 2.1
Asp.Net Core 2.0-2.2 Kestrel not serving static content
How can I change the "Could not reconnect to the server" text in Blazor?
How to install Font Awesome in ASP.NET Core 2.2 using Visual Studio 2019 [closed]
Export private/public keys from X509 certificate to PEM
Inject generic interface in .NET Core
How to debug NuGet packages using Visual Studio
Asp.net Core Email confirmation sometimes says InvalidToken
Should '*.deps.json' file be distributed along with the assembly or inside nuget packages?
Is there a replacement for MEF in .NET Core (or ASP.NET 5)
Can you achieve Http/2 multiplexing with .Net Core HttpClient?
.Net Core 3 IStringLocalizer.WithCulture(CultureInfo) is obsolete
How to differentiate between null and non existing data in JSON in Asp.Net Core model binding?
Trying obfuscating Dot Net Core applications

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!