azure ad access token audinece and issuer are "aud": "00000003-0000-0000-c000-000000000000", "iss": "https://sts.windows.net and signature is failing.

Venkata Modha 1 Reputation point
2022-04-29T11:11:28.743+00:00

unable to validate the signature of my access token return by azure ad. In the access token it is showing "aud": "00000003-0000-0000-c000-000000000000",
"iss": "https://sts.windows.net/mytentid. and also I changed the app's manifest variable (acessTokenAcceptedVersion to 2) but still I am getting a version 1 access token. how to change my aud and issuer and version in the access token to validate the signature. or any other alternative to validate the token with "aud": "00000003-0000-0000-c000-000000000000",
"iss": "https://sts.windows.net/mytenentid.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,451 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vasil Michev 109.7K Reputation points MVP
    2022-04-29T11:37:54.303+00:00

    Post your "request token" function? You seem to be requesting a token against the old endpoint, use https://login.microsoftonline.com/ instead, or better yet the MSAL methods directly.


  2. Venkata Modha 1 Reputation point
    2022-05-02T05:28:32.97+00:00

    const msalConfig = {
    auth: {
    clientId: process.env.VUE_APP_clientId,
    authority: process.env.VUE_APP_tenant,
    redirectUri: process.env.VUE_APP_redirectUri,
    },
    cache: {
    cacheLocation: 'sessionStorage',
    storeAuthStateInCookie: false
    }
    }

    const msalInstance = new PublicClientApplication(msalConfig);

    const updateStore = (commit, response) => {
    const userDetails = {
    token: response.accessToken,
    name: response.account.name,
    email: response.account.userName
    };
    commit('setUser', userDetails);
    localStorage.setItem('user', JSON.stringify(userDetails));
    }

    const loginRequest = {
    scopes: process.env.VUE_APP_scopes.split(',')
    };

    const actions = {
    async login({ commit }) {
    try {
    const tokenResponse = await msalInstance.loginPopup(loginRequest);
    updateStore(commit, tokenResponse);
    } catch (error) {
    console.log(error);
    }
    },
    logout({ commit }) {
    sessionStorage.clear();
    localStorage.removeItem('user');
    commit('logout');
    router.push({ name: 'login' });
    },
    async acquireTokenSilent({ commit, dispatch }) {
    try {
    const silentRequest = {
    scopes: process.env.VUE_APP_scopes.split(','),
    account: msalInstance.getAllAccounts()[0]
    }
    const tokenResponse = await msalInstance.acquireTokenSilent(silentRequest);
    updateStore(commit, tokenResponse);
    } catch (error) {
    if (error.name === 'InteractionRequiredAuthError') {
    dispatch('login');
    } else {
    console.log(error);
    }
    }
    }
    }

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.