Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
You should pass access token instead of id token when calling web API.
The signature key was not found, Bearer error="invalid_token", error_description="The audience is invalid"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 61%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
SATISH KHASHABA JADHAV
0
Reputation points
My SPA application is registered in Azure. I use MSAL for user authentication and call secured API, however I get below error while calling the API
Bearer error="invalid_token", error_description="The signature key was not found"
Bearer error="invalid_token", error_description="The audience is invalid"
I pass application client id to class PublicClientApplication of @azure/msal-browser library and gets a ID Token which is passed while calling the API.
It works fine when I use another application client id. Hence, I compared both apps setting registered in Azure and they are exactly same.
Can you please suggest what could be missing?
Microsoft Security | Microsoft Graph
1 answer
Sort by: Most helpful
-
CarlZhao-MSFT 46,426 Reputation points2023-12-13T06:09:43.67+00:00 -
SATISH KHASHABA JADHAV 0 Reputation points
2023-12-14T04:29:34.85+00:00 When I use access token I get below error
Bearer error="invalid_token", error_description="The signature is invalid"
The other application which works fine uses ID token instead of access token.
If I use ID token I get error "The audience is invalid"
I compared the manifest file of both apps and they are exactly same!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur 30,446 Reputation points Microsoft Employee Moderator2023-12-14T11:21:12.2+00:00 What is the scope you are passing to get the access token? Are you also passing authority in the configuration.
If you are referring any sample, please share the same.
-
SATISH KHASHABA JADHAV 0 Reputation points
2023-12-14T13:10:19.9866667+00:00 const pca = new PublicClientApplication({ auth:{ clientId:'678ea00ac-05b6-45533-bfb6-47XXXXX', // My APP Client ID (Doesn't Work) //clientId:'78cad345-4094-4db1-9300-XXXXXXX', // Another App Client ID (Works fine) authority:'https://login.microsoftonline.com/TenantID', redirectUri:'/', } });Below scope is in payload
[ "User.Read", "profile", "openid", "email" ]
Sign in to comment -