I have created a sample application where the user can authenticate with Azure B2C which works fine. I get back the Token and the AuthenticationResult. Both are Ok. But I want to get back the ClaimPrincipal from the token. To do this I have added the System.IdentityModel.Tokens.Jwt (5.4.0) nuget package to the project.
With the following code I try to achieve this:

```csharp
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;

string Token = "eyJ0eXAiOiJKV1QiLCJhbGciO*****"; // long token
JwtSecurityTokenHandler jwt = new JwtSecurityTokenHandler();
var validateParams = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
    ValidIssuer = Authority,  // "https://login.microsoftonline.com/tfp/MYTEANANTNAME.onmicrosoft.com/MYPOLICYNAME/v2.0/"
    ValidAudience = clientId, // CLIENTID, like: b430xxxx-xxxx-xxxx-xxxx-f5c33cxxxxxx
    ValidateAudience = true,
    ValidateLifetime = true,
    ValidateIssuer = true,
};
SecurityToken secToken;
var claimPrincipal = jwt.ValidateToken(Token, validateParams, out secToken);
```
But every time ValidateToken is hit it throws the following exception:

```
IDX10501: Signature validation failed. Unable to match keys:
kid: '[PII is hidden]',
token: '[PII is hidden]'.
```
Do you have any advice how I should resolve this issue?
In this case the application is a .NET Core console app, but in the end this code will be in a WPF application.
You can get a more detailed error when you set the following flag. This will replace the [PII is hidden] (aka Personally Identifiable Information) with the actual error.

```csharp
using Microsoft.IdentityModel.Logging;

IdentityModelEventSource.ShowPII = true;
```
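IDX10501 is what the handler reports when the validation parameters give it no signing key whose `kid` matches the token header; the parameters in the question set issuer and audience but no `IssuerSigningKeys`, so there is nothing to verify the signature against. The following is an added example, not code from the question or the answer, that loads the keys (and the issuer value) from the authority's OpenID Connect discovery document before validating. It assumes the `Microsoft.IdentityModel.Protocols.OpenIdConnect` package is referenced, that the authority URL exposes `/.well-known/openid-configuration`, and that `authority` and `clientId` hold the same values used in the question.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class B2CTokenValidator
{
    // Validates signature, issuer, audience and lifetime of a B2C access/ID token.
    // Assumption: 'authority' is the B2C policy authority URL from the question.
    public static async Task<ClaimsPrincipal> ValidateAsync(
        string token, string authority, string clientId)
    {
        // The discovery document lists the issuer and the JWKS signing keys.
        // ConfigurationManager caches the document and refreshes it on key rollover.
        var metadataAddress = authority.TrimEnd('/') + "/.well-known/openid-configuration";
        var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            metadataAddress, new OpenIdConnectConfigurationRetriever());
        OpenIdConnectConfiguration config =
            await configManager.GetConfigurationAsync(CancellationToken.None);

        var parameters = new TokenValidationParameters
        {
            // Use the issuer the metadata reports rather than a hand-typed string.
            ValidIssuer = config.Issuer,
            ValidAudience = clientId,
            // This is the part missing in the question: keys the signature is checked against.
            IssuerSigningKeys = config.SigningKeys,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            // Keep tolerance for clock drift small; the library default is 5 minutes.
            ClockSkew = TimeSpan.FromMinutes(2),
        };

        var handler = new JwtSecurityTokenHandler();
        // Throws SecurityTokenException (e.g. IDX10501 on key mismatch) if anything fails.
        ClaimsPrincipal principal = handler.ValidateToken(token, parameters, out SecurityToken _);
        return principal;
    }
}
```

If the `kid` in the token still does not appear in the discovered key set, the token was issued by a different authority or policy than the one whose metadata was loaded, which `ShowPII = true` will make visible in the exception text.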