
MSAL access token invalid signature

I'm using MSAL to get an access token. It works fine and I'm able to log in and retrieve my Active Directory user.

However, I'm having problems using it to access an API, and I have noticed that when I inspect the token at https://jwt.io/ it says INVALID SIGNATURE.

Is this a problem? If so how can I fix it?

Ben Gannaway asked Jun 12 '18 11:06


1 Answer

No, it isn't a big concern because JWT.io doesn't have the public key, but you can verify the token signature by:

  1. Copying the public key from the "keys" endpoint in Azure AD B2C.
  2. Converting this public key from the JSON Web Key (JWK) format to the PEM format.
  3. Pasting the public key to the "Verify Signature" field in JWT.io.

The keys endpoint is:

https://login.microsoftonline.com/te/{tenant}/{policy}/discovery/v2.0/keys

The public key can be converted from the JWK format to the PEM format using tools such as the jwt-to-pem package.

Chris Padgett answered Sep 25 '22 03:09
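The three steps from the answer can also be done locally in Node.js instead of pasting into JWT.io. This is an added example, not code from the answer or from MSAL; the key pair, `kid` and claims are constructed so that it runs offline, and with a real tenant `jwks` would be the JSON returned by the keys endpoint.

```javascript
// Added example: verify an RS256 JWT against a JWKS with Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Step 2 of the answer: JWK -> PEM (SPKI). Only the public RSA members are used.
function jwkToPem(jwk) {
  if (jwk.kty !== 'RSA') throw new Error(`unsupported kty: ${jwk.kty}`);
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  return key.export({ type: 'spki', format: 'pem' });
}

// Select the key by the token's "kid", pin the algorithm, then check the signature.
function verifyJwt(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) return { valid: false, reason: 'malformed token' };
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(fromB64url(h).toString('utf8')); }
  catch { return { valid: false, reason: 'malformed header' }; }
  // Never trust the header to choose the algorithm; accept RS256 only.
  if (header.alg !== 'RS256') return { valid: false, reason: 'unexpected alg' };
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return { valid: false, reason: 'no key for kid' };
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), jwkToPem(jwk), fromB64url(s));
  if (!ok) return { valid: false, reason: 'bad signature' };
  return { valid: true, claims: JSON.parse(fromB64url(p).toString('utf8')) };
}

// Constructed sample data: a throwaway key pair stands in for the tenant's signing key.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-kid', use: 'sig' }] };
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: 'sample-kid' }));
  const body = b64url(JSON.stringify({ sub: 'constructed-user', aud: 'constructed-api' }));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return { jwks, token: `${head}.${body}.${b64url(sig)}` };
}

const sample = makeSample();
console.log(jwkToPem(sample.jwks.keys[0]).split('\n')[0]);
console.log(verifyJwt(sample.token, sample.jwks));
```

A valid signature only shows that the token was issued by the holder of that key; an API should also check `iss`, `aud` and `exp` before accepting it.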