Bearer error="invalid_token", error_description="The signature is invalid"
I have a angular application that request a token from azure. The login went well and I get a token. This token is now send from the angular app to a net core webapi application. Net core should verify this token but failed. I think the webapi should also contact azure to validate the token because it has no knowledge of the private and public key that is needed to verify the token.
At the moment it is not clear why it is failing. Both angular app and the webapi are running local on my computer.
The error is: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: 'IDX10500: Signature validation failed. No security keys were provided to validate the signature.'
my net core 2 config is:
var tokenValidationParameters = new TokenValidationParameters
{
RequireExpirationTime = true,
RequireSignedTokens = false,
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidIssuer = "8d708afe-2966-40b7-918c-a39551625958",
ValidateAudience = true,
ValidAudience = "https://sts.windows.net/a1d50521-9687-4e4d-a76d-ddd53ab0c668/",
ValidateLifetime = false,
ClockSkew = TimeSpan.Zero
};
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Audience = "8d708afe-2966-40b7-918c-a39551625958";
options.ClaimsIssuer = "https://sts.windows.net/a1d50521-9687-4e4d-a76d-ddd53ab0c668/";
options.RequireHttpsMetadata=false;
options.TokenValidationParameters = tokenValidationParameters;
options.SaveToken = true;
});
Answer
That is quite a lot of configuration you have :)
The two mandatory settings are the Audience and Authority:
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(o =>
{
o.Audience = "8d708afe-2966-40b7-918c-a39551625958";
o.Authority = "https://login.microsoftonline.com/a1d50521-9687-4e4d-a76d-ddd53ab0c668/";
});
You are missing the Authority so it does not know where to load the signing public keys from.