IDX10501: Signature validation failed. kid: '[PII is hidden]', token: '[PII is hidden]' - Azure B2C

I have created a sample application where the user can authenticate with Azure B2C, which works fine. I get back the Token and the AuthenticationResult. Both are OK. But I want to get back the ClaimPrincipal from the token. To do this I have added the System.IdentityModel.Tokens.Jwt (5.4.0) NuGet package to the project.

I try to achieve this with the following code:

string Token = "eyJ0eXAiOiJKV1QiLCJhbGciO*****"; //long token
JwtSecurityTokenHandler jwt = new JwtSecurityTokenHandler();

var validateParams = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
    ValidIssuer = Authority,   // "https://login.microsoftonline.com/tfp/MYTEANANTNAME.onmicrosoft.com/MYPOLICYNAME/v2.0/"
    ValidAudience = clientId,  // CLIENTID, like: b430xxxx-xxxx-xxxx-xxxx-f5c33cxxxxxx
    ValidateAudience = true,
    ValidateLifetime = true,
    ValidateIssuer = true,
};

SecurityToken secToken;
var claimPrincipal = jwt.ValidateToken(Token, validateParams , out secToken);

But every time ValidateToken is hit, it throws the following exception:

IDX10501: Signature validation failed. Unable to match keys: 
kid: '[PII is hidden]', 
token: '[PII is hidden]'.

Do you have any advice on how I should resolve this issue?

In this case the application is a .NET Core console app, but in the end this code will be in a WPF application.

Attila Turóczy asked Apr 25 '19 14:04


1 Answer

You can get a more detailed error when you set the following flag. This will replace the [PII is hidden] (aka: Personally Identifiable Information) with the actual error.

IdentityModelEventSource.ShowPII = true;
Carlo Bos answered Nov 14 '22 23:11
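Added example, not part of the original question or answer: the question's TokenValidationParameters sets no IssuerSigningKey or IssuerSigningKeys, so this self-contained console program signs a token with a locally generated RSA key and validates it first without and then with the matching public key, with ShowPII enabled so the failure text is readable. The issuer, audience and kid values are constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;

class Program
{
    // Constructed demo values, not taken from the question.
    const string Issuer = "https://issuer.example/v2.0/";
    const string Audience = "00000000-0000-0000-0000-000000000000";
    const string Kid = "demo-key-1";

    // Returns "valid ..." or the exception type and message.
    static string TryValidate(string token, TokenValidationParameters p)
    {
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(token, p, out SecurityToken validated);
            return "valid, signed by kid " + ((JwtSecurityToken)validated).Header.Kid;
        }
        catch (SecurityTokenException ex)
        {
            return ex.GetType().Name + ": " + ex.Message;
        }
    }

    static void Main()
    {
        // Debugging aid only: messages will now contain the kid and the raw token.
        IdentityModelEventSource.ShowPII = true;
        var rsa = RSA.Create(2048);
        var privateKey = new RsaSecurityKey(rsa) { KeyId = Kid };
        var jwt = new JwtSecurityToken(Issuer, Audience,
            new[] { new Claim("sub", "demo-user") },
            DateTime.UtcNow.AddMinutes(-1), DateTime.UtcNow.AddMinutes(5),
            new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256));
        string token = new JwtSecurityTokenHandler().WriteToken(jwt);

        var p = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidAudience = Audience,
            ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true,
        };
        Console.WriteLine(TryValidate(token, p));   // no key configured: signature error
        // Public half only, with the same kid the token header carries.
        p.IssuerSigningKey = new RsaSecurityKey(rsa.ExportParameters(false)) { KeyId = Kid };
        Console.WriteLine(TryValidate(token, p));   // now validates
    }
}
```

Against Azure B2C the public keys come from the policy's OpenID Connect metadata rather than a local key pair. Keep ShowPII off outside debugging, since it puts raw tokens into exception text and logs.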