Hi @Saravana,
Thanks for reaching out.
The error you are getting is due to an invalid signature in the token. For validation, you can decode the token you received using jwt.ms.
To Verify the JWT token:
- Verify that the JWT contains three segments, separated by two period ('.') characters.
- Parse the JWT to extract its three components. The first segment is the Header, the second is the Payload, and the third is the Signature. Each segment is base64url encoded.
- The Signature segment contains the digital signature of the token, which was generated with Azure AD's private key; verify that the token was signed by the sender.
To validate the authenticity of the JWT token's data, use Azure AD's public key to verify the signature.
You can obtain the public key by calling the public Azure AD OpenID configuration endpoint: https://login.microsoftonline.com/common/.well-known/openid-configuration.
The metadata document contains a JSON Web Key Set (JWKS) URI that points to a set of public keys used to sign the tokens. You can use the "kid" claim in the token header to select the public key that corresponds to the private key used to sign the token. You can then validate the signature using the selected public key.
If it works, you know the contents were signed with the private key. If not, you can’t be sure of it so you should treat the JWT token as an invalid token.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
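The verification steps described in the answer above, as an added Go example that is not code from the answer or from Microsoft. It stands in for Azure AD with a locally generated RSA key pair and a one-key JWKS so that it runs offline; the `kid` value, the claims and the `NewTestIssuer`/`SignRS256` helpers are constructed for the example. In a real service the JWKS is fetched from the `jwks_uri` in the OpenID configuration document named above, and the segment split, `kid` lookup, key reconstruction from `n`/`e` and signature check happen exactly as in `VerifyRS256`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// JWK holds the fields of a JSON Web Key needed to rebuild an RSA public key.
type JWK struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

type JWKS struct{ Keys []JWK `json:"keys"` } // shape of the document at jwks_uri

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// VerifyRS256 returns the payload claims only if the RS256 signature over "header.payload" verifies.
func VerifyRS256(token string, jwks JWKS) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("token must have exactly three '.'-separated segments")
	}
	var raw [3][]byte // decoded header, payload, signature
	for i, p := range parts {
		b, err := base64.RawURLEncoding.DecodeString(p)
		if err != nil {
			return nil, fmt.Errorf("segment %d is not base64url: %w", i, err)
		}
		raw[i] = b
	}
	var header struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(raw[0], &header); err != nil {
		return nil, fmt.Errorf("header is not JSON: %w", err)
	}
	// Pin the algorithm: the token itself must not be allowed to choose "none" or an HMAC alg.
	if header.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	var key *JWK
	for i := range jwks.Keys {
		if jwks.Keys[i].Kid == header.Kid && jwks.Keys[i].Kty == "RSA" {
			key = &jwks.Keys[i]
			break
		}
	}
	if key == nil {
		return nil, fmt.Errorf("no RSA key with kid %q in JWKS", header.Kid)
	}
	nBytes, errN := base64.RawURLEncoding.DecodeString(key.N)
	eBytes, errE := base64.RawURLEncoding.DecodeString(key.E)
	if errN != nil || errE != nil {
		return nil, errors.New("JWK n/e are not base64url")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(nBytes), E: int(new(big.Int).SetBytes(eBytes).Int64())}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[2]); err != nil {
		return nil, errors.New("invalid signature: treat the token as invalid")
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw[1], &claims); err != nil {
		return nil, fmt.Errorf("payload is not JSON: %w", err)
	}
	return claims, nil
}

// NewTestIssuer is a constructed stand-in for Azure AD: it generates a key pair
// and publishes the public half as a one-key JWKS under the given kid.
func NewTestIssuer(kid string) (*rsa.PrivateKey, JWKS) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	jwk := JWK{Kty: "RSA", Kid: kid, N: b64url(priv.N.Bytes()), E: b64url(big.NewInt(int64(priv.E)).Bytes())}
	return priv, JWKS{Keys: []JWK{jwk}}
}

// SignRS256 is the constructed issuer's side: build "header.payload" and sign it.
// Marshal/sign errors cannot occur for these inputs, so this test helper ignores them.
func SignRS256(priv *rsa.PrivateKey, kid string, claims map[string]interface{}) string {
	headerJSON, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	payloadJSON, _ := json.Marshal(claims)
	signingInput := b64url(headerJSON) + "." + b64url(payloadJSON)
	digest := sha256.Sum256([]byte(signingInput))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signingInput + "." + b64url(sig)
}
```

A token whose payload has been altered after signing fails at the `VerifyPKCS1v15` step, and a token whose `kid` is not in the JWKS is rejected before any cryptography runs. A passing signature only proves who signed the token; a real API must additionally check the `iss`, `aud` and `exp` claims before trusting it.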