Token validation fails with token must have three segments (JWS) or five segments (JWE)

Mahesh Mhatre 20 Reputation points Microsoft Employee
2024-03-01T22:02:25.1066667+00:00

Invalid token or signature. IDX12741: JWT: '{"alg":"RS256","typ":"JWT","x5t":"x","kid":"x"}.{"aud":"api://x","iss":"https://sts.windows.net/x/","iat":1709242917,"nbf":1709242917,"exp":1709329617,"aio":"x","appid":"x","appidacr":"2","idp":"https://sts.windows.net/x/","rh":"x.","tid":"x","uti":"x","ver":"1.0"}' must have three segments (JWS) or five segments (JWE)."

I see that generated token has 3 segments separated by '.' In jwt.io the token shows verified signature.

I acquire token using following code:

config = {
    "client_id": "
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,726 questions
{count} votes

Accepted answer
  1. Givary-MSFT 32,581 Reputation points Microsoft Employee
    2024-04-02T05:55:52.2133333+00:00

    @Mahesh Mhatre I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

    Issue:

    Invalid token or signature. IDX12741: JWT: '{"alg":"RS256","typ":"JWT","x5t":"x","kid":"x"}.{"aud":"api://x","iss":"https://sts.windows.net/x/","iat":1709242917,"nbf":1709242917,"exp":1709329617,"aio":"x","appid":"x","appidacr":"2","idp":"https://sts.windows.net/x/","rh":"x.","tid":"x","uti":"x","ver":"1.0"}' must have three segments (JWS) or five segments (JWE)."

    I see that generated token has 3 segments separated by '.' In jwt.io the token shows verified signature.

    Resolved by @Mahesh Mhatre found the problem with this code. tokenHandler.ValidateToken method expects a string token. I created a token object JwtSecurityToken using the received string token. To method ValidateString I provided string version of this object (which does not have signature part). If I provide the original string token then it works fine

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Mahesh Mhatre 20 Reputation points Microsoft Employee
    2024-03-11T22:21:38.6266667+00:00

    I found the problem with this code. tokenHandler.ValidateToken method expects a string token. I created a token object JwtSecurityToken using the received string token. To method ValidateString I provided string version of this object (which does not have signature part). If I provide the original string token then it works fine

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.