Invalid JWT token. Unsupported key for the signing algorithm

IPESOFT 0 Reputation points
2025-06-16T08:51:36.9533333+00:00

Hello,

We have deployed a custom Teams Tab application. There is a manifest.json and a respective AppRegistration. No error messages are displayed when a user opens the application. The app itself is displayed in the Teams Store.

The problem arises when the frontend (right before accessing a screen with a form) attempts to obtain a token using the Microsoft @microsoft/teams-js library, method getAuthToken(). This token is not used to call Graph/SharePoint APIs directly; rather, the application exchanges it for a Graph and/or SharePoint token to execute the respective calls via the backend. Upon attempting to exchange this token for a Graph API token using an MSAL backend application, an error message is returned: "AADSTS5002730: Invalid JWT token. Unsupported key for the signing algorithm. Trace ID: 677b0e66-6284-4b6c-999f-9c8ffeffa800 Correlation ID: fe697968-cc06-48f2-9d52-25d25c49a753".

The issue seems to be the fact that the original token (the one obtained by the getAuthToken() method) is signed using HS256.


2 answers

  1. Deepanshu katara 16,720 Reputation points MVP Moderator
    2025-06-16T10:08:55.0066667+00:00

    Hello, welcome to MS Q&A.

    I think you cannot exchange the HS256-signed Teams token for a Graph/SharePoint token in Azure AD. You must use the Teams SSO flow or MSAL to get a real Azure AD access token for Graph/SharePoint.

    References

    Please check and let us know if you have any further questions.

    Kindly accept the answer if it helps.

    Thanks

    Deepanshu


  2. IPESOFT 0 Reputation points
    2025-06-17T05:57:56.86+00:00

    Hello,

    Thank you for the reply. I will make a little update on this.

    First, we obtain a Microsoft Entra token.

    Then we try to exchange this token in the OBO flow.

    In one tenant, we obtain an HS256 token (as authToken); in the other tenant, the very same line of code returns an RS256 token. That is the issue we need to solve.

    Just to show which libs we use:

    b877179

    More of the same method:

    b470795

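To compare what getAuthToken() returns in the two tenants described above, the token's header and claims can be inspected before the OBO exchange is attempted. The following is an added example, not code from the thread or from Microsoft: all function names, the sample tokens and the placeholder IDs are constructed, and treating RS256 with a `kid` header as the expected shape is an assumption based on the RS256 token the working tenant returns.

```javascript
// Added example: decodes a JWT WITHOUT verifying it, only to inspect its shape.
function b64urlJson(part) {
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function inspectJwt(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  return { header: b64urlJson(parts[0]), claims: b64urlJson(parts[1]) };
}

// expectedAudience is an assumption: your backend's client ID or App ID URI.
function checkOboAssertion(token, expectedAudience) {
  const { header, claims } = inspectJwt(token);
  const findings = [];
  if (header.alg !== "RS256") findings.push(`alg is ${header.alg}, expected RS256`);
  if (!header.kid) findings.push("no kid header, so no published signing key can be matched");
  if (![].concat(claims.aud).includes(expectedAudience))
    findings.push(`aud is ${claims.aud}, expected ${expectedAudience}`);
  // iss and tid are returned so the two tenants' tokens can be compared side by side.
  return { alg: header.alg, kid: header.kid, iss: claims.iss, tid: claims.tid, findings };
}

// Constructed sample tokens (fake signature, placeholder IDs), not real tokens.
function makeSample(header, claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc(header)}.${enc(claims)}.c2lnbmF0dXJl`;
}
const AUD = "api://app.example.test/00000000-0000-0000-0000-000000000001";
const sampleClaims = { aud: AUD, iss: "https://issuer.example.test/", tid: "constructed-tenant" };
const hsToken = makeSample({ typ: "JWT", alg: "HS256" }, sampleClaims);
const rsToken = makeSample({ typ: "JWT", alg: "RS256", kid: "constructed-kid" }, sampleClaims);

console.log(checkOboAssertion(hsToken, AUD)); // two findings: alg and kid
console.log(checkOboAssertion(rsToken, AUD)); // no findings
```

Run it on the backend against the raw token from each tenant and log only the returned summary, never the token itself.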
