AADSTS50013: Assertion failed signature validation. Key was found, but use of the key to verify the signature failed.

Question

AADSTS50013: Assertion failed signature validation. Key was found, but use of the key to verify the signature failed.

Aashutosh Aryal 45

I am trying to authenticate on behalf of a user using an access token.

Flow: My backend receives an access token from the frontend (next js using the AzureAd provider for NextAuth). I want to use that access token to acquire an access token to use with microsoft graph but I get the "failed signature validation" error.

from msal import ConfidentialClientApplication

app = ConfidentialClientApplication(
   client_id="d0d65cdc-42af-4539-932b-f46ed114b1a1",
   client_credential="

Aashutosh Aryal 45 Reputation points

2023-11-03T03:31:13.2933333+00:00

So if i got this correct, I need to add permission for a custom scope for api://{client_id} in my frontend to generate a access token that can be consumed for on-behalf-of flow from my backend?
Gudivada Adi Navya Sri 21,075 Reputation points Moderator

2023-11-09T01:40:34.4633333+00:00

Hi @Aashutosh Aryal

Assertion is invalid because of various reasons -

The token must have an audience (aud) claim of the application making this On-Behalf-of flow request (the app denoted by the client-id field).

Sometimes it caused by wrong On-behalf-of flow implementation.

Answer accepted by question author

0 additional answers

Your answer

Aashutosh Aryal 45 Reputation points

2023-11-03T03:31:13.2933333+00:00

So if i got this correct, I need to add permission for a custom scope for api://{client_id} in my frontend to generate a access token that can be consumed for on-behalf-of flow from my backend?
Gudivada Adi Navya Sri 21,075 Reputation points Moderator

2023-11-09T01:40:34.4633333+00:00

Hi @Aashutosh Aryal

Assertion is invalid because of various reasons -

The token must have an audience (aud) claim of the application making this On-Behalf-of flow request (the app denoted by the client-id field).

Sometimes it caused by wrong On-behalf-of flow implementation.

Answer 1

Gudivada Adi Navya Sri 21,075 Moderator

Hi @Aashutosh Aryal , thanks for reaching us.

I understand you are trying to authenticate on behalf of a user using an access token.

When you authenticate on behalf of a user using an access token, you have to set Application ID URI as api://{client_id}

Go to Azure Active Directory -> App Registrations -> select your application -> Expose an API -> add Application ID URI -> Click on save.

User's image

Select Add a scope button and enter the required values ->make sure state as enabled -> click on Add Scope button on the bottom to save this scope.

Select API permisisons -> Click Add Permission ->Search with your application Id -> In the Delegated permissions section, ensure that the right permissions are checked -> Click on Add permissions button.

Thanks,

Navya.

Hope this helps. Do let us know if you any further queries.

Gudivada Adi Navya Sri 21,075 Reputation points Moderator

2023-11-13T13:50:41.7633333+00:00

Hi @Aashutosh Aryal

Following up to see if the above information was helpful. And, if you have any further query do let us know. Please remember to "Accept Answer" if answer helped you.
Rahul Vsk 0 Reputation points

2025-02-27T22:49:25.3+00:00

Still not working

Share via

AADSTS50013: Assertion failed signature validation. Key was found, but use of the key to verify the signature failed.

0 additional answers

Your answer