25,203 questions
MSAL Android - JWT token failed signature validation on National Cloud
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 47%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Nick
6
Reputation points
We are using MSAL Android within a national cloud environment and are seeing the following exception.
Here are our configurations:
Gradle dependencies:
implementation 'com.microsoft.identity.client:msal:3.0.2'
implementation ('com.microsoft.graph:microsoft-graph:5.24.0') {
exclude group: 'javax.activation'
}
msal_config.json:
{
"client_id" : "whatever",
"authorization_user_agent" : "DEFAULT",
"broker_redirect_uri_registered" : false,
"account_mode" : "SINGLE",
"logging": {
"pii_enabled": true,
"log_level": "VERBOSE",
"logcat_enabled": true
},
"redirect_uri" : "msauth://whatever/whatever",
"authorities" : [
{
"type": "AAD",
"audience": {
"type": "AzureADMyOrg",
"tenant_id": "whatever"
},
"authority_url": "https://login.microsoftonline.us/common"
}
]
}
2022-05-23 18:46:26.961 29108-29108/XXX.XXX.XXX
E/AUTH: Unhandled exception authenticating
java.util.concurrent.CompletionException: com.microsoft.identity.client.exception.MsalServiceException: AADSTS900384: JWT token failed signature validation [Reason - Key was found, but use of the key to verify the signature failed., Thumbprint of key used by client: 'XXX', Found key 'Start=12/21/2020 00:00:00, End=12/21/2025 00:00:00'].
Trace ID: e91420cf-16b3-43eb-be9f-b3d53ee03d00
Correlation ID: 5483f85a-ee8e-419d-8104-e3717fe43ee2
Timestamp: 2022-05-24 14:32:29Z
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator2022-06-01T05:43:24.663+00:00 Hi @Nick ,
Thanks for reaching out and apologies for delay in response.
As you are using audience type "AzureADMyOrg" which supported "Accounts in this organizational directory only which is specific for that tenant". Did you try to replace authority URL value common with your tenant Id i.e "authority_URL": "https://login.microsoftonline.us/Enter_the_Tenant_Info_Here".
Thanks,
Shweta -
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
2022-06-13T08:23:38.803+00:00 Hi @Nick ,
Just wanted to check if above information helped. Are you able to resolve your issue?
-
Nick 6 Reputation points
2022-06-15T15:47:01.027+00:00 Hi Shweta, no. The missing config file entry that fixed the issue for us was the following:
"multiple_clouds_supported":true
The authority url is still "https://login.microsoftonline.us/common".
Thank you very much for following up.
Sign in to comment
Sign in to answer