Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,960 questions
Jwt token Issuer validation failed
SATYA PAVANKUMAR
40
Reputation points Microsoft Employee
Our project involves a static website that uses ReactApp for the frontend and connects to APIM APIs through APIM Management integration with the static web app. We also implemented an authentication mechanism for the website using Azure AAD B2C that has Custom Policies for signup,signin,signout etc.,
We created app registration for static web app in B2C and set the "acceptedVersion" to 2 in the manifest file. On APIM, we use the "validate-Jwt" policy to verify the B2C token.
The token generation was success however its getting failed at APIM validation.
Issue:
IDX10205: Issuer validation failed. Issuer: 'https://identity.2.azurestaticapps.net/.auth'. Did not match: validationParameters.ValidIssuer: '' or validationParameters.ValidIssuers: 'https://identity.4.azurestaticapps.net/.auth'.
{count} votes
-
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JananiRamesh-MSFT 24,111 Reputation points2024-03-15T08:22:06.7333333+00:00 @SATYA PAVANKUMAR @SATYA PAVANKUMAR Thanks for reaching out. The error message you are seeing indicates that the issuer of the token received by APIM does not match the expected issuer. The expected issuer is
https://identity.4.azurestaticapps.net/.auth, but the actual issuer ishttps://identity.2.azurestaticapps.net/.auth.To resolve this issue, you need verify the
validate-jwtpolicy in APIM to include the correct issuer.do let me know incase of further queries, I would be happy to assist you.
-
JananiRamesh-MSFT 24,111 Reputation points
2024-03-15T09:31:56.39+00:00 @SATYA PAVANKUMAR As discussed offline you confirmed that the issue is with the way of generating token from static web app and not in issuer.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SnehaAgrawal-MSFT 20,856 Reputation points2024-03-18T07:49:13.19+00:00 @SATYA PAVANKUMAR Thanks for reaching here! As its mentioned in the documented -Configuring authentication in an Azure Static Web App by using Azure AD B2C
When the access token expires or the app session is invalidated, Azure Static Web App initiates a new authentication request and redirects users to Azure AD B2C.
If the Azure AD B2C SSO session is active, Azure AD B2C issues an access token without prompting users to sign in again. If the Azure AD B2C session expires or becomes invalid, users are prompted to sign in again.
Could you please check if its prompting to sign in?
Check if all the steps followed from here- https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-in-azure-static-app
Sign in to comment