Error: Invalid_token, Description: 'The signature is invalid' (Occurs during validation in Asp.net Core Web API against AAD 2.0)

WATERKAMP, OLIVER 111 Reputation points
2020-11-02T17:09:09.917+00:00

I try to validate my access-token (which I received from the AAD-token-endpoint before) in my Asp.net Core Web API 3.1 against the AAD and I get following response from the server:

access-control-allow-credentials: true
access-control-allow-origin: https://localhost:4200
date: Mon, 02 Nov 2020 16:45:05 GMT
server: Microsoft-IIS/10.0
status: 401
www-authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
x-powered-by: ASP.NET

I tried already many different validation implementations in my web-api, but nothing works...:-(
I really don't know why this signature is invalid even when I got this access-token from the token-endpoint.

I happy for any kind of help to solve this problem.

It's really urgent for me.

Thanks,
Oliver

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,141 questions
{count} votes

2 answers

Sort by: Most helpful
  1. WATERKAMP, OLIVER 111 Reputation points
    2020-11-04T22:14:28.263+00:00

    Hi @JamesTran-MSFT

    Thanks for writing back.
    After another night of investigating and debugging I found the problem.

    The structure of the access-token was in ver:1.0 (I need version 2.0).

    The reason because I had somehow a wrong access-token structure version were wrong set scopes.
    After I correct the scopes to getting the access-token it worked everything.

    Thanks for your help and we can close this thread.

    Best regards,
    Oliver

    1 person found this answer helpful.

  2. Ohm Sadasivam 1 Reputation point
    2021-04-28T21:37:50.363+00:00

    Hi,
    I have the same issue. I keep getting the ver1.0 token when I get the token from my Angular MSAL call. Though my API App registered with a scope have the accessTokenAcceptedVersion = 2.
    Can someone help.
    Thanks
    Om


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.