Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
AuthenticationTokenInvalid
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 28.999999999999996%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQL%3C/text%3E%3C/svg%3E)
qian liu
11
Reputation points
Hello, I am a developer of Kingsoft Office, which is connected to your company's uwp payment. Now, I have encountered a problem and hope to get help! When calling the interface https://purchase.mp.microsoft.com/v6.0/b2b/keys/renew, the following error response body will appear. Currently, about 9000 pieces of such user data are affected
The response body is as follows
{
"code":"Unauthorized",
"data":[
],
"details":[
],
"innererror":{
"code":"AuthenticationTokenInvalid",
"data":[
],
"details":[
],
"innererror":{
"code":"B2B key",
"data":[
],
"details":[
],
"message":"IDX10501: Signature validation failed. Unable to match key: \nkid: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'. \nNumber of keys in TokenValidationParameters: '0'. \nNumber of keys in Configuration: '3'. \nExceptions caught:\n '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. \ntoken: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'."
},
"message":"Authentication token supplied is invalid"
},
"message":"The client is not authorized to perform the requested operation.",
"source":"PurchaseFD"
}
Microsoft Security | Microsoft Entra | Microsoft Entra ID
-
qian liu 11 Reputation points
2022-08-22T12:25:20.733+00:00 The absence of kid happened before December 2021, I don't know why the data before this time cannot refresh the store id
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur 30,456 Reputation points Microsoft Employee Moderator2022-08-23T10:17:41.26+00:00 Hi @qian liu ,
Thanks for reaching out.
Based on the error message, this usually come due to providing an invalid token.
Did you tried to decode the token using jwt.ms and verify the kid in token to verify against the public key generated by https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}You can also add IdentityModelEventSource.ShowPII = true in your code to get more insights of this error.
Thanks,
Shweta -
Shweta Mathur 30,456 Reputation points Microsoft Employee Moderator
2022-09-05T05:57:50.097+00:00 Hi @qian liu ,
Any updates on this?
-
qian liu 11 Reputation points
2022-09-06T02:59:23.02+00:00 First, the address of https://www.jwt.ms/ can be parsed successfully. Secondly, only a small number of users have data problems. Most users' data can be authenticated successfully, which can basically rule out server-side program problems.
Sign in to comment
Sign in to answer