When I get a token by authorization code (authContext.acquireTokenByAuthorizationCode), I get a JWT (idToken) that is signed and has the proper headers:
    {
      "typ": "JWT",
      "alg": "RS256",
      "x5t": "wLLmYfsqdQuWtV_-hnVtDJJZM3Q",
      "kid": "wLLmYfsqdQuWtV_-hnVtDJJZM3Q"
    }
but when I use the refresh token to get a new token (authContext.acquireTokenByRefreshToken(...)), it returns an unsigned JWT:
    {
      "typ": "JWT",
      "alg": "none"
    }
How do I get it to give me a signed JWT?
    return authContext.acquireTokenByRefreshToken(
        refreshToken,
        new ClientCredentials(
            clientId,
            clientSecret
        ),
        null
    );
I did not reproduce your issue on my side. I followed this tutorial to get the Authentication code and acquire the access token and refresh token with the code below successfully. Please refer to it.
Decode:
Update Answer:
Firstly, sorry for the mistake. I replaced getIdToken with getAccessToken, and the result is the same as yours.
Then I searched the response parameters in Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow, where you can find the statement about the id_token parameter.
So, the id token is just a segment which can't be relied on. If you want to get the complete id token, please refer to the openId flow.
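A check a client can run on the id token returned by either call before using its claims, as an added example that is not part of the original question or answer: it accepts only the RS256 header shape shown in the question and rejects the alg "none" form. The class and method names and the sample tokens are constructed for illustration, and the header is read with a regular expression only to keep the example free of dependencies.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IdTokenGate {  // hypothetical helper, not part of ADAL4J
    // Allowlist the one algorithm seen in the signed header in the question.
    private static final String EXPECTED_ALG = "RS256";
    // Minimal header read; a real application would use its JSON or JWT library.
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]*)\"");

    /** Returns the header alg if the token has the signed shape; throws otherwise. */
    static String requireSignedShape(String jwt) {
        // limit -1 keeps the empty third segment of an unsigned token ("h.p.")
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("not a compact JWT");
        }
        String header = new String(
                Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        Matcher m = ALG.matcher(header);
        String alg = m.find() ? m.group(1) : "";
        if (!EXPECTED_ALG.equals(alg) || parts[2].isEmpty()) {
            throw new SecurityException(
                    "id token rejected (alg=\"" + alg + "\"): claims must not be trusted");
        }
        // Shape only: the signature still has to be verified against the issuer's keys.
        return alg;
    }

    private static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample tokens; the signature bytes are a placeholder.
        String claims = b64("{\"sub\":\"constructed-user\"}");
        String unsigned = b64("{\"typ\":\"JWT\",\"alg\":\"none\"}") + "." + claims + ".";
        String signed = b64("{\"typ\":\"JWT\",\"alg\":\"RS256\",\"kid\":\"constructed-kid\"}")
                + "." + claims + "." + b64("placeholder-signature");
        System.out.println("accepted: " + requireSignedShape(signed));
        try {
            requireSignedShape(unsigned);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```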