Access Token Signature Validation

Subramanyam k 251 Reputation points

This is regarding the Token validation

When we are generating access token using the default scopes in Azure (example:Graph API We observe that
the access token signature is invalid(used

But when we generate the access token using custom scopes(example:api/tenantid/customscope). We observe that
the access token signature is valid.

What could be reason, the signature is invalid for the access token generated by default scope ?

Note:Even in our coding we used microsoft public keys, we are facing the same issue. Token generated with graph api scopes are marked as

Please provide your comments.


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,483 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. VipulSparsh-MSFT 16,251 Reputation points Microsoft Employee

    @Subramanyam k That is expected. You should try to validate the access token which is dedicated to your own resource (Application).
    The access token for Microsoft graph is encoded for Graph only and any other party will not be able to verify that.

    Read more in detail here.


    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

    0 comments No comments