I am using APIM to validate JWT tokens, and here is what my policy looks like:
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <audiences>
        <audience>68f3930e-0492-4642-8cd0-65d68a504dba</audience>
        <audience>7a20a24d-1bc7-4906-8dfc-c0e6dfd19d69</audience>
        <audience>ae901aaf-6bea-4e1b-902c-6851e4305b1b</audience>
        <audience>0d5b8f5e-4045-459c-99f1-a710ca8dd63e</audience>
        <audience>c37587ed-2974-4932-b87f-e51886ca378e</audience>
        <audience>2f96ac72-7887-4aa4-a02c-204288fe1ed8</audience>
        <audience>7c5dd291-edd7-4dc4-ad09-25ac006a0a42</audience>
    </audiences>
    <issuers>
        <issuer>https://login.microsoftonline.com/{TennatId}/v2.0/</issuer>
        <issuer>https://{Tennant}.b2clogin.com/38cf84e1-4cbb-4abb-8aa3-4c0f7107c585/v2.0/</issuer>
        <issuer>https://sts.windows.net/{TennatId}/</issuer>
    </issuers>
</validate-jwt>
I am specifying issuers so I can validate B2B and B2C JWT tokens, and I also added audiences so it can validate tokens generated by multiple applications. I am not specifying an OpenID config because explicit issuers are specified in my case.
I am getting this error:
validate-jwt (-0.148 ms)
{
"message": "JWT Validation Failed: IDX10500: Signature validation failed. No security keys were provided to validate the signature.."
}
I tried to specify the issuer keys like this, which I am getting this way:
https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}
https://{Tennant}.b2clogin.com/{tennant}.onmicrosoft.com/B2C_1_si/discovery/v2.0/keys
I am retrieving multiple kids, which I specified below, but I am getting an error on saving the policy: "Not valid Base64 string"
<issuer-signing-keys>
    <key>X5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk</key>
    <key>Mr5-AUibfBii7Nd1jBebaxboXW0</key>
</issuer-signing-keys>
Please suggest what I am doing wrong in my case.
Thanks
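An added diagnostic, not part of the original post: it checks the two `<key>` values from the question against strict standard Base64 and against the `kid` fields of a JWKS document, which is the shape a discovery/keys endpoint returns. The JWKS below is constructed with placeholder key material, and the function names are hypothetical.

```python
import base64
import binascii
import json

# Values the post placed in <issuer-signing-keys> (taken from the page).
POSTED_KEYS = [
    "X5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",
    "Mr5-AUibfBii7Nd1jBebaxboXW0",
]

# Constructed JWKS document; "n" and "x5c" are placeholders, not real keys.
# In a JWK, "kid" only identifies a key; the material is in "n"/"e" or "x5c".
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "use": "sig", "kid": POSTED_KEYS[0],
     "n": "<modulus-placeholder>", "e": "AQAB"},
    {"kty": "RSA", "use": "sig", "kid": POSTED_KEYS[1],
     "n": "<modulus-placeholder>", "e": "AQAB",
     "x5c": ["<certificate-placeholder>"]},
]})


def is_standard_base64(value: str) -> bool:
    """True only for padded, standard-alphabet Base64 (A-Z a-z 0-9 + /)."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def classify(value: str, jwks_json: str) -> dict:
    """Report why a <key> value is or is not plausible Base64 key material."""
    kids = {k["kid"] for k in json.loads(jwks_json)["keys"]}
    return {
        "standard_base64": is_standard_base64(value),
        # '-' and '_' belong to the base64url alphabet used for JWK fields.
        "url_safe_chars": sorted(set(value) & set("-_")),
        # Standard Base64 is padded to a multiple of 4 characters.
        "length_mod_4": len(value) % 4,
        "is_jwks_kid": value in kids,
    }


if __name__ == "__main__":
    for v in POSTED_KEYS:
        print(v, classify(v, SAMPLE_JWKS))
```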