I am trying to validate my access token generated by my app registered on B2C, but getting an "Invalid signature" error when try to validate the token using a custom library.
I followed the instructions given in the answer session of the following thread
https://learn.microsoft.com/en-us/answers/questions/422202/access-token-validating-fails-with-jwtsecuritytoke.html
I could validate the token signature successfully when validating using a console application. When I add the same code and parameters into the custom library, the token signature is
not getting validated. What could be the issue?
My source code is in the following repository
https://github.com/suresh-babu-s/Auth.API.git
I use the following code to validate the signature.
//source code - start
private bool ValidateCurrentToken(string token, string modulus, string exponent, string issuer, string audience)
{
bool isSuccess = false;
try
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters()
{
Modulus = FromBase64Url(modulus),
Exponent = FromBase64Url(exponent)
});
var validationParameters = new TokenValidationParameters
{
RequireExpirationTime = true,
RequireSignedTokens = true,
ValidateAudience = true,
ValidateIssuer = true,
ValidateLifetime = true,
ValidIssuer = issuer,
ValidAudience = audience,
IssuerSigningKey = new RsaSecurityKey(rsa)
};
SecurityToken validatedSecurityToken = null;
var handler = new JwtSecurityTokenHandler();
var claimPrincipal = handler.ValidateToken(token, validationParameters, out validatedSecurityToken);
//JwtSecurityToken validatedJwt = validatedSecurityToken as JwtSecurityToken;
isSuccess = claimPrincipal.Identity.IsAuthenticated;
}
catch (Exception ex)
{
//log exception
isSuccess = false;
}
return isSuccess;
}
//source code - end