Microsoft Graph API Token Validation - Signature validation failed in API server


In my application I use an Azure AD token to get the user context.

I implemented the Azure AD implicit flow in Swagger; the token it returns validates and works fine. But when I tried SharePoint / jQuery / mobile applications that get the token with MSAL or ADAL.js and pass that token in the header, it throws the error IDX10511 signature validation failed.

I searched many websites but could not find out how to validate the Microsoft Graph API token.

If anyone knows, please share your knowledge, or any other way to validate the Graph API signature.

Here is my sample code (Startup.cs):

    using System.Collections.Generic;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;

    // Inside Startup.ConfigureServices(IServiceCollection services).
    // Tenant and app ids are read from the "AzureAd" section of appsettings.json
    // (the ClientId / ClientId1 key names are assumed; the original left them undefined).
    string TenantId = Configuration["AzureAd:TenantId"];
    string clientId = Configuration["AzureAd:ClientId"];    // this API's app registration
    string clientId1 = Configuration["AzureAd:ClientId1"];  // the calling (client) app registration

    // Every audience this API is willing to accept. The first and fourth entries are
    // Microsoft Graph's own audiences, i.e. tokens issued for Graph rather than for this API.
    IList<string> validateAudience = new List<string>()
    {
        "00000003-0000-0000-c000-000000000000",
        clientId1,
        clientId,
        "https://graph.microsoft.com",
        "https://example.sharepoint.com",
        $"api://{clientId1}/user.read",
        $"api://{clientId}/user.read",
        $"api://{clientId}"
    };

    // Download the tenant's OpenID Connect metadata (issuer, jwks_uri, signing keys).
    // The v1 (sts.windows.net) document is used here; the v2 document lives at
    // https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration.
    var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(
        $"https://sts.windows.net/{TenantId}/.well-known/openid-configuration",
        new OpenIdConnectConfigurationRetriever());
    var openidconfig = configManager.GetConfigurationAsync().Result; // blocking fetch at startup

    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    // AddAzureAd is the extension shipped with the ASP.NET Core Azure AD project template.
    .AddAzureAd(options =>
    {
        Configuration.Bind("AzureAd", options);
    })
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
    {
        options.Audience = clientId;
        // Interpolated: the original used a plain string, so "{TenantId}" was never substituted.
        options.Authority = $"https://login.microsoftonline.com/{TenantId}/v2.0";
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            // NOTE: with the flags below, audience, issuer, signing-key and lifetime checks
            // are skipped and an unsigned (alg=none) token would be accepted. A token that
            // does carry a signature is still checked against IssuerSigningKeys, which is
            // where IDX10511 is raised.
            ValidateAudience = false,
            ValidAudiences = validateAudience,

            ValidateIssuer = false,
            ValidIssuer = $"https://sts.windows.net/{TenantId}/",
            ValidIssuers = new List<string>()
            {
                $"https://login.microsoftonline.com/{TenantId}/v2.0",  // v2.0 tokens
                $"https://sts.windows.net/{TenantId}/"                 // v1.0 tokens
            },

            ValidateIssuerSigningKey = false,
            IssuerSigningKeys = openidconfig.SigningKeys,

            RequireExpirationTime = true,
            ValidateLifetime = false,
            RequireSignedTokens = false,
        };
        options.RequireHttpsMetadata = false; // only acceptable on a local dev box
        options.Events = new JwtBearerEvents
        {
            OnChallenge = context => Task.CompletedTask,
            OnMessageReceived = context => Task.CompletedTask,
            OnForbidden = context => Task.CompletedTask,
            // Breakpoint here: context.Exception carries the IDX10511 failure quoted below.
            OnAuthenticationFailed = context => Task.CompletedTask,
            OnTokenValidated = context => Task.CompletedTask
        };
    });

When I debugged the application, tokens generated by the MSAL and ADAL.js based clients always hit the OnAuthenticationFailed event, and it throws the exception:

"IDX10511: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey, KeyId: '1E50B4475DAC931359D564309A3385FFAB7FB431', InternalId: 'f61f7746-3cff-4557-8b2c-b47fad9cf1e3'. , KeyId: 1E50B4475DAC931359D564309A3385FFAB7FB431"

[Image: parsed JWT token]

Thanks in advance.


There are 0 best solutions below
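Added example (not part of the question or of any answer): a small Python diagnostic that decodes the incoming bearer token without verifying it and reports whether it was issued for Microsoft Graph or for your own API. A token whose aud is Graph's application id 00000003-0000-0000-c000-000000000000 or https://graph.microsoft.com was issued for Graph; such tokens carry a nonce in the JWS header and are meant to be validated only by Graph, so Microsoft.IdentityModel reports IDX10511 on them even when it has the right signing key. Only a token whose aud is this API's own client id or api://{clientId} URI should go on to signature validation. The tenant id, client id, kid and the two sample tokens below are constructed placeholders, and the helper names are this example's own.

```python
"""Classify an Azure AD bearer token before attempting signature validation."""
import base64
import json

GRAPH_AUDIENCES = {
    "00000003-0000-0000-c000-000000000000",  # Microsoft Graph application id
    "https://graph.microsoft.com",           # v1.0 resource-URI form of the same audience
}


def _b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without padding; restore the padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_unverified(token: str):
    """Return (header, payload) of a compact JWS WITHOUT checking its signature.

    Diagnostic only: nothing returned here is trustworthy until the signature
    has been verified against the issuer's published signing keys.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload


def classify_token(token: str, my_audiences) -> dict:
    """Decide whether a token is for Graph, for this API ('mine'), or for something else."""
    header, payload = decode_unverified(token)
    aud = payload.get("aud")
    auds = set(aud) if isinstance(aud, list) else {aud}
    if auds & GRAPH_AUDIENCES or "nonce" in header:
        target = "graph"   # issued for Graph: do not try to validate it, ask the client for an API token
    elif auds & set(my_audiences):
        target = "mine"    # issued for this API: proceed to full validation (signature, iss, exp)
    else:
        target = "other"
    return {
        "target": target,
        "aud": sorted(a for a in auds if a),
        "iss": payload.get("iss"),
        "kid": header.get("kid"),
        "has_nonce": "nonce" in header,
        "v2": (payload.get("iss") or "").endswith("/v2.0"),  # v2.0 vs sts.windows.net (v1.0) issuer
    }


def make_test_token(header: dict, payload: dict) -> str:
    """Build a constructed sample token with a dummy signature, for offline tests only."""
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        _b64url_encode(b"not-a-real-signature"),
    ])


# Constructed placeholders (not real tenant, app or key identifiers).
TENANT = "11111111-2222-3333-4444-555555555555"
API_CLIENT_ID = "66666666-7777-8888-9999-000000000000"
KID = "kid-placeholder"

# A Graph token as MSAL/ADAL.js hands out for scope User.Read: v1 issuer, nonce in the header.
GRAPH_TOKEN = make_test_token(
    {"typ": "JWT", "nonce": "constructed-nonce", "alg": "RS256", "kid": KID},
    {"aud": "https://graph.microsoft.com", "iss": f"https://sts.windows.net/{TENANT}/", "scp": "User.Read"},
)
# A token requested for scope api://{clientId}/user.read: v2 issuer, aud is this API.
API_TOKEN = make_test_token(
    {"typ": "JWT", "alg": "RS256", "kid": KID},
    {"aud": f"api://{API_CLIENT_ID}", "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0", "scp": "user.read"},
)

if __name__ == "__main__":
    accepted = [API_CLIENT_ID, f"api://{API_CLIENT_ID}"]
    for name, tok in (("graph", GRAPH_TOKEN), ("api", API_TOKEN)):
        print(name, classify_token(tok, accepted))
```

Run the classification on the raw Authorization header before the JWT bearer handler validates it (for example in OnMessageReceived). If the target is "graph", reject the request and have the SharePoint / jQuery / mobile client acquire a token for the API's own scope (api://{clientId}/user.read in the question's audience list) rather than for User.Read; once the client sends a token whose aud is this API, the signature will verify against the tenant's signing keys and ValidateAudience, ValidateIssuer, ValidateIssuerSigningKey, ValidateLifetime and RequireSignedTokens can be switched back on.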