Attempting to authenticate Azure AD in Azure Function returns 401, "IDX10516: Signature validation failed."

Jason Olsan 21 Reputation points
2022-05-05T18:47:57.683+00:00

I'm attempting to build an SSO prototype using an Azure Function web API and a react-based SPA connected to Azure AD. The goal is to use "Easy Auth" (aka Azure Function integrated authentication) for my authentication on the Azure Function (https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization) with Microsoft Identity Platform as my provider.

First off, I created a React SPA using the following tutorial: https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-react
This seemed to authenticate just fine and I was able to consume the sample Graph API call.

However, once I attempted to then add the Azure Function to the mix, I ran into a problem. I used the POST call for "Client-directed sign-in" (https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-customize-sign-in-out#client-directed-sign-in) to submit my access token, but it failed.

I created a new button in the page that calls the following function:

    // Posts the token to the Easy Auth client-directed sign-in endpoint.
    // Note: idToken is accepted but unused; the body carries accessToken.
    export async function callExampleService(idToken, accessToken) {
        const headers = new Headers();

        headers.append("Content-Type", "application/json");

        const options = {
            method: 'POST',
            headers: headers,
            body: JSON.stringify({ access_token: accessToken })
        };

        // exampleDataServiceConfig holds the Function App base URL and the /.auth/login path
        return fetch(exampleDataServiceConfig.exampleDataServiceBase.concat(exampleDataServiceConfig.postAuth), options)
            .then(response => response.json())
            .catch(error => console.log(error));
    }

Judging from the Fiddler response, it looks as though the call matched the expected POST:

POST https://

2 answers

  1. Jason Olsan 21 Reputation points
    2022-05-06T23:13:06.08+00:00

    The issue was pretty simple after I narrowed it down.

    The problem was that I was using the accessToken to authenticate instead of the idToken. The fact that the json property was called "access_token" was a misnomer.

    1 person found this answer helpful.

  2. Sebastian Rogers 1 Reputation point
    2023-01-27T13:46:48.5633333+00:00

    Fixed it for me too - I was supplying the access token and not the id token.

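Both answers give the same fix: post the ID token, not the Graph access token, in the body property that Easy Auth calls `access_token`. The helper below is an added example, not code from the question or either answer; it checks the token's audience claim on the client before posting (so the wrong token is caught before the 401), then returns the `X-ZUMO-AUTH` header for later API calls. It assumes a Node 18+ or browser environment, the `/.auth/login/aad` endpoint from the linked docs, and a placeholder SPA client id.

```javascript
// Added example, not from the original post. Assumes Node 18+/browser globals
// (fetch, atob/btoa), the Easy Auth endpoint /.auth/login/aad, and a placeholder client id.

function b64urlEncode(obj) {
  const json = JSON.stringify(obj);
  const b64 = typeof btoa === "function" ? btoa(json) : Buffer.from(json).toString("base64");
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  const json = typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("utf8");
  return JSON.parse(json);
}

// Client-side sanity check only: no signature verification (Easy Auth does that).
// Returns null if the token looks like an ID token issued to this SPA, otherwise a reason.
// A Graph access token has aud = https://graph.microsoft.com plus an scp claim,
// which is the token the question was posting.
function wrongTokenReason(token, spaClientId) {
  const claims = decodeJwtPayload(token);
  if (claims.aud !== spaClientId) return `aud is ${claims.aud}, expected SPA client id ${spaClientId}`;
  if (claims.scp || claims.roles) return "token carries scp/roles, so it is an access token";
  return null;
}

// Client-directed sign-in: POST the ID token in the (misleadingly named)
// access_token property, then use the returned session token as X-ZUMO-AUTH.
async function clientDirectedSignIn(functionAppBase, idToken, spaClientId, fetchImpl = fetch) {
  const reason = wrongTokenReason(idToken, spaClientId);
  if (reason) throw new Error(`refusing to post token: ${reason}`);
  const response = await fetchImpl(`${functionAppBase}/.auth/login/aad`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ access_token: idToken }),
  });
  if (!response.ok) throw new Error(`Easy Auth login failed: HTTP ${response.status}`);
  const { authenticationToken } = await response.json();
  return { authenticationToken, apiHeaders: { "X-ZUMO-AUTH": authenticationToken } };
}

// Constructed sample tokens (dummy signature, structure only) for trying the check offline.
const SPA_CLIENT_ID = "00000000-0000-0000-0000-000000000000"; // placeholder, not a real app id
const SAMPLE_ID_TOKEN = `${b64urlEncode({ alg: "RS256" })}.${b64urlEncode({ aud: SPA_CLIENT_ID, nonce: "abc" })}.sig`;
const SAMPLE_GRAPH_TOKEN = `${b64urlEncode({ alg: "RS256" })}.${b64urlEncode({ aud: "https://graph.microsoft.com", scp: "User.Read" })}.sig`;
```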