Hi @Mark England ,
Thanks for reaching out and apologies for delay in response.
The error message you provided is due to Microsoft Identity is not able to validate the signature of a JSON Web Token (JWT).
It seems that the key used to sign the JWT cannot be found or matched with the key specified in the token.
To Verify the JWT token:
- Verify that the JWT contains three segments, separated by two period ('.') characters.
- Parse the JWT to extract its three components. The first segment is the Header, the second is the Payload, and the third is the Signature. Each segment is base64url encoded.
- Signature contains the digital signature of the token that was generated by Azure AD’s private key and verify that the token was signed by the sender.
To validate the authenticity of the JWT token’s data is by using Azure AD’s public key to verify the signature.
You can obtain public key by calling the public Azure AD OpenID configuration endpoint: https://login.microsoftonline.com/common/.well-known/openid-configuration and verify against the private key generated by Azure AD token.
If it works, you know the contents were signed with the private key. If not, you can’t be sure of it so you should treat the JWT token as an invalid token.
For validation, developers can also decode JWTs using jwt.ms
In ASP.net core can check the token validation parameters and make sure that the 'IssuerSigningKeys' property contains the key used to sign the token.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.