AADSTS50013: Assertion failed signature validation. Key was found, but use of the key to verify the signature failed.

Aashutosh Aryal 40 Reputation points
2023-11-01T12:35:39.5833333+00:00

I am trying to authenticate on behalf of a user using an access token.

Flow: My backend receives an access token from the frontend (Next.js using the AzureAd provider for NextAuth). I want to use that access token to acquire an access token to use with Microsoft Graph, but I get the "failed signature validation" error.

from msal import ConfidentialClientApplication

app = ConfidentialClientApplication(
   client_id="d0d65cdc-42af-4539-932b-f46ed114b1a1",
   client_credential="

Accepted answer
  1. Navya 9,720 Reputation points Microsoft Vendor
    2023-11-02T12:57:01.5466667+00:00

    Hi @Aashutosh Aryal, thanks for reaching out to us.

    I understand you are trying to authenticate on behalf of a user using an access token.

    When you authenticate on behalf of a user using an access token, you have to set the Application ID URI as api://{client_id}.

    Go to Azure Active Directory -> App Registrations -> select your application -> Expose an API -> add Application ID URI -> Click on save.


    Select the Add a scope button and enter the required values -> make sure the state is Enabled -> click the Add scope button at the bottom to save this scope.

    Select API permissions -> Click Add Permission -> Search with your application ID -> In the Delegated permissions section, ensure that the right permissions are checked -> Click the Add permissions button.

    Thanks,

    Navya.

    Hope this helps. Do let us know if you have any further queries.
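A pre-flight check for the token the backend receives, added here as an example (it is not part of the original answer or of MSAL): the on-behalf-of assertion must be a token issued for your own API, so the check decodes the payload without verifying it and inspects `aud` before the token is exchanged. The helper names, the `access_as_user` scope and the sample tokens are constructed for illustration; the two Graph audience values are the well-known Microsoft Graph identifiers.

```python
import base64
import json

CLIENT_ID = "d0d65cdc-42af-4539-932b-f46ed114b1a1"  # client_id from the question
# Audiences that mean "this token was issued for Microsoft Graph"
GRAPH_AUDIENCES = ("00000003-0000-0000-c000-000000000000", "https://graph.microsoft.com")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_obo_assertion(token: str, client_id: str = CLIENT_ID) -> tuple[bool, str]:
    """Return (usable, reason) for using `token` as the OBO user assertion."""
    try:
        claims = unverified_claims(token)
    except ValueError as exc:  # covers bad base64, bad JSON, wrong shape
        return False, f"malformed token: {exc}"
    aud = claims.get("aud")
    if aud in (client_id, f"api://{client_id}"):
        return True, f"aud={aud} is this API; scopes: {claims.get('scp', '')}"
    if aud in GRAPH_AUDIENCES:
        return False, "token was issued for Microsoft Graph, not for this API"
    return False, f"aud={aud!r} is not this API"


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed data, not a real Entra token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    for aud in (f"api://{CLIENT_ID}", GRAPH_AUDIENCES[0]):
        sample = constructed_token({"aud": aud, "scp": "access_as_user"})
        print(check_obo_assertion(sample))
```

This only tells you whether the frontend requested the right resource; the backend must still validate the token's signature, issuer and expiry before trusting any claim in it.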

