Azure AD B2C - Invalid signature

Question

Azure AD B2C - Invalid signature

Malvaro 150

Goof afternoon community,

I've created an Azure AD B2C resource and I've created a simple service principal with the following Authentications

User's image

Also, I've created a user flow And when I ran the user flow the JWT token said that I had an Invalid Signature:.

User's image

and in the claims I have this information

I've created custom roles, and I got the same issue...

Any ideas?

Thanks a lot for your help,

Cheers,

Moisés.

Sanoop M 4,345 Reputation points Moderator

2025-01-20T20:27:30.0266667+00:00

Hello @Malvaro ,

Thank you for posting your query on Microsoft Q&A.

Based on your issue description, I understand that you have created an Azure AD B2C resource and you have created a simple service principal. Also, you created a user flow and when you ran the user flow the JWT token said that you had an Invalid Signature:

Please make sure to put the secret key string after: HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), enter_here_your_secret_key) as per the below Screenshot under VERIFY SIGNATURE tab and check the behavior by again running the user flow to check if the signature is verified or not.

Also please share us the Screenshot after adding the correct Secret Key under VERIFY SIGNATURE tab as mentioned in the above Screenshot.

I am looking forward to your response.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,345 Reputation points Moderator

2025-01-21T21:03:33.3333333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan
Malvaro 150 Reputation points

2025-01-22T08:25:51.77+00:00

Sorry for my delay, I will try to reply as soon as possible.
Sanoop M 4,345 Reputation points Moderator

2025-01-23T17:50:33.3133333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,345 Reputation points Moderator

2025-01-24T20:05:17.4833333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan

1 answer

Your answer

Sanoop M 4,345 Reputation points Moderator

2025-01-20T20:27:30.0266667+00:00

Hello @Malvaro ,

Thank you for posting your query on Microsoft Q&A.

Based on your issue description, I understand that you have created an Azure AD B2C resource and you have created a simple service principal. Also, you created a user flow and when you ran the user flow the JWT token said that you had an Invalid Signature:

Please make sure to put the secret key string after: HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), enter_here_your_secret_key) as per the below Screenshot under VERIFY SIGNATURE tab and check the behavior by again running the user flow to check if the signature is verified or not.

Also please share us the Screenshot after adding the correct Secret Key under VERIFY SIGNATURE tab as mentioned in the above Screenshot.

I am looking forward to your response.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,345 Reputation points Moderator

2025-01-21T21:03:33.3333333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan
Malvaro 150 Reputation points

2025-01-22T08:25:51.77+00:00

Sorry for my delay, I will try to reply as soon as possible.
Sanoop M 4,345 Reputation points Moderator

2025-01-23T17:50:33.3133333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,345 Reputation points Moderator

2025-01-24T20:05:17.4833333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan

Answer 1

Malvaro 150

Good morning,

The problem is solved. By default when you're creating a B2C User flow, you can select the Token compatibility settings -> issuer (is s) claim

User's image

The token gets this issuer and the signature can be verified by adding the value.

User's image

Weirdly, I must select it, but it worked.

Thanks for your help, and we can close the ticket.

All the best,

Moisés.

0 comments

Share via

Azure AD B2C - Invalid signature

1 answer

Your answer