Azure.Identity.AuthenticationFailedException: 'OnBehalfOfCredential authentication failed: AADSTS50013: Assertion failed signature validation. [Reason - The key was not found., appID: 00000000-0000-0000-0000-000000000000

Anonymous
2023-07-18T18:14:53.4366667+00:00

Hello, I am currently trying to use On-Behalf-Of authentication to validate a call to the Graph API SDK. I have a Vue app that sends a request to my web api that I want to call the graph sdk. I have initialized the client according to the documentation here: https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=csharp.

I have also configured my api permissions to be allowed to access the graph api.

For the graph client initialization, I pass in my api's clientID, client secret, tenantID, and the JWT token that my vue app used to access my personal api.

The client initialized without any errors, but when I go to call the graph sdk, I get the error:

Azure.Identity.AuthenticationFailedException: 'OnBehalfOfCredential authentication failed: AADSTS50013: Assertion failed signature validation. [Reason - The key was not found Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '00000000-0000-0000-0000-000000000000'.

The problem I'm running into is that the error actually contains app Id ''00000000-0000-0000-0000-000000000000'. I am not doing that for security. It does not contain my actual appId in the error message when it is thrown. The correct appId is used to initialize the client. Does anyone have an idea as to why my appId disappears when calling the sdk?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,611 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-07-20T08:24:25.2033333+00:00

    Solved: It seems like this was a problem with using b2c authentication which is not currently supported by the OBO flow.

    0 comments
  2. CarlZhao-MSFT 36,976 Reputation points
    2023-07-20T10:28:39.8933333+00:00

    Hi @Justin Almas

    I'm glad to hear you solve the problem, if you have any issue about Graph, you are welcome to raise a ticket in this forum.

    By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others." and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

    • Issue Symptom:

    When calling the Graph SDK, the following error was thrown: Azure.Identity.AuthenticationFailedException: 'OnBehalfOfCredential authentication failed: AADSTS50013: Assertion failed signature validation. [Reason - The key was not found Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '00000000-0000-0000-0000-000000000000'.

    • Solution:

    OBO flow does not currently support Azure AD B2C, please use other OAuth2.0 authentication flows instead.

    You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community member's to see the useful information when reading this thread. Thanks for your understanding!