Access Token Signature Validation

Subramanyam k 251 Reputation points
2021-03-05T13:35:47.467+00:00

This is regarding token validation.

When we generate an access token using the default scopes in Azure (example: Graph API user.read), we observe that
the access token signature is invalid (used https://jwt.io/).

But when we generate the access token using custom scopes (example: api/tenantid/customscope), we observe that
the access token signature is valid.

What could be the reason the signature is invalid for the access token generated by the default scope?

Note: Even in our code we used Microsoft public keys, and we are facing the same issue. Tokens generated with Graph API scopes are marked as
invalid.

Please provide your comments.

Thanks,
Subramanyam

Microsoft Entra ID

1 answer

  1. VipulSparsh-MSFT 16,251 Reputation points Microsoft Employee
    2021-03-09T09:37:01.48+00:00

    @Subramanyam k That is expected. You should try to validate the access token which is dedicated to your own resource (Application).
    The access token for Microsoft Graph is encoded for Graph only, and any other party will not be able to verify that.

    Read more in detail here.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

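The answer's advice, as an added example that is not part of the original thread: before attempting signature validation, an API can read the unverified `aud` claim and only proceed when the token was issued for itself. `MY_API_AUDIENCES`, the function names and the sample tokens are assumptions constructed for this sketch.

```python
import base64
import json

# Assumption: the audience (App ID URI) your own API expects. Placeholder value.
MY_API_AUDIENCES = {"api://00000000-0000-0000-0000-000000000000"}


def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def should_validate(token, expected=MY_API_AUDIENCES):
    """Read the unverified header and claims only to decide whether this API
    is the token's intended recipient. Nothing here is trusted yet."""
    parts = token.split(".")
    if len(parts) != 3:
        return {"validate": False, "reason": "not a three-part JWT"}
    try:
        header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"validate": False, "reason": "malformed segment"}
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(isinstance(a, str) and a in expected for a in audiences):
        return {"validate": False, "aud": aud,
                "reason": "issued for another resource; do not validate here"}
    # Audience matches: the caller now verifies the signature with the key
    # identified by "kid", then checks issuer, expiry and scopes.
    return {"validate": True, "aud": aud, "kid": header.get("kid"),
            "reason": "audience matches; verify signature next"}


def make_sample_token(aud):
    """Constructed, unsigned sample token (fake signature) for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "sample-kid"}),
                     enc({"aud": aud, "scp": "sample"}), "c2ln"])


if __name__ == "__main__":
    for aud in ("https://graph.microsoft.com", next(iter(MY_API_AUDIENCES))):
        print(aud, "->", should_validate(make_sample_token(aud)))
```

A `validate: True` result is only a routing decision; the token is not trusted until its signature, issuer and expiry have been checked.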