Got an access token using the azure.identity ClientSecretCredential client credential flow, but when trying to decode it using the PyJWT library it is giving me the below error.
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
Decoding like below:
    jwt.decode(
        token,
        client_secret,  # same client secret used in generating the access token
        options={"verify_signature": True},
        algorithms=["RS256"],
    )
If I keep the verify_signature to false then I'm able to decode. Also tried passing issuer and audience while decoding but it didn't work.
    issuer="https://login.microsoftonline.com/<tenant-id>/",
    aud="<client_id>"

I tried in my environment and got the below results:
You can use the below code to decode the access token using the PyJWT library.
Code:
Output:
If you are using the MS Graph API scope https://graph.microsoft.com/.default, the resulting JWT would contain a "nonce" in the JWT header and is not meant to be validated. So, I created it with my own API like below:
Reference:
Using an Azure AD tenant ID - and a valid token issued for a 'app registration'. The signature verification is is failing - Stack Overflow by Rukmini.
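
An added example, not code from the question or the answer: RS256 is an asymmetric algorithm, so the token is verified with the issuer's RSA public key selected by the `kid` in the token header, never with the client secret. It runs offline with a locally generated key standing in for the tenant's signing keys; the tenant ID, audience, issuer format and all helper names are assumptions.

```python
# Added example: offline RS256 verification with PyJWT. Keys, IDs and claims are constructed.
import json
import time

import jwt
from cryptography.hazmat.primitives.asymmetric import rsa
from jwt.algorithms import RSAAlgorithm

TENANT_ID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
AUDIENCE = "api://constructed-api"  # constructed App ID URI of "my own API"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"  # assumed iss format

def make_test_issuer(kid="test-key-1"):
    """Local stand-in for the token issuer: returns (private_key, jwks)."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    jwk = json.loads(RSAAlgorithm.to_jwk(private_key.public_key()))
    jwk.update({"kid": kid, "use": "sig"})
    return private_key, {"keys": [jwk]}

def issue_token(private_key, kid="test-key-1", aud=AUDIENCE):
    """Sign a short-lived RS256 token carrying the kid header."""
    now = int(time.time())
    claims = {"iss": ISSUER, "aud": aud, "iat": now, "exp": now + 300}
    return jwt.encode(claims, private_key, algorithm="RS256", headers={"kid": kid})

def verify_access_token(token, jwks, audience=AUDIENCE, issuer=ISSUER):
    """Pick the public key matching the token's kid, then verify sig, aud, iss, exp."""
    kid = jwt.get_unverified_header(token).get("kid")
    match = [k for k in jwks["keys"] if k.get("kid") == kid]
    if not match:
        raise jwt.InvalidTokenError(f"no signing key with kid={kid!r}")
    public_key = RSAAlgorithm.from_jwk(json.dumps(match[0]))
    return jwt.decode(token, public_key, algorithms=["RS256"], audience=audience,
                      issuer=issuer, options={"require": ["exp", "iss", "aud"]})

def client_secret_is_rejected(token, client_secret="constructed-secret"):
    """The question's call: a shared secret is not an RSA public key."""
    try:
        jwt.decode(token, client_secret, algorithms=["RS256"])
    except (ValueError, jwt.PyJWTError):
        return True
    return False

if __name__ == "__main__":
    key, jwks = make_test_issuer()
    token = issue_token(key)
    print(verify_access_token(token, jwks)["aud"], client_secret_is_rejected(token))
```

Against a real tenant, the `jwks` dictionary would come from the tenant's published signing keys rather than from `make_test_issuer`, and `audience` and `issuer` must match the `aud` and `iss` values the tokens actually carry.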