C# - Azure AD B2C error - IDX10501: Signature validation failed


I'm having a hard time trying to use Azure AD B2C to authenticate a web API. I'll start with some background.

I created a mobile application that uses Azure AD B2C to authenticate users. I'm creating a webview that displays the login URL.

The user is asked to log in to Azure AD, and if the login data is successful I receive a response containing the access token. That part went smoothly and works properly.

Now I want to create the backend web API. I created an ASP.NET Core web application, which allows me to choose the authentication method. I chose Azure AD authentication, and the template generated the relevant code for me.

I updated the required config properties to match my Azure settings. At this point I expected to be able to call the API using the access token received in the mobile app. I ran the mobile app locally, signed in, received an access token, copied it, and tried to call the web API (hosted in IIS Express) using Postman (with the Authorization header "Bearer ..."). Unfortunately no luck: I'm receiving a 401 with the following header:

Bearer error="invalid_token", error_description="The signature key was not found"

I thought the token would be enough to authorize against the API; that is how I understand the whole point of OAuth. What am I missing? Should I have some additional config? I noticed the config is missing the sign-in policy (it seems to be required for AD B2C), so I tried adding that:

var validationParameters = new TokenValidationParameters
{
    AuthenticationType = "my_policy",
};

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"],
    Audience = Configuration["Authentication:AzureAd:Audience"],
    TokenValidationParameters = validationParameters
});

But that didn't work either. I'd appreciate any help.

Edit

I found the following error in the Visual Studio logs:

Bearer was not authenticated. Failure message: IDX10501: Signature validation failed. Unable to match 'kid': '...'

@juunas's comment helped me find the issue. I inspected the outgoing requests with Fiddler and found that this piece of code:

Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"]

sends the request to the following address:

https://login.microsoftonline.com/mytenantid/.well-known/openid-configuration

There are 2 issues with the above:

  1. It's not using the v2 endpoint. The proper link for B2C should use v2.0, like:

https://login.microsoftonline.com/mytenantid/v2.0/.well-known/openid-configuration

  2. It's not adding the sign-in policy to the link (even if it is set in the token options).

I managed to make it work by removing the "Authority" parameter and changing the configure auth function to the following:

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    MetadataAddress = string.Format(
        "https://login.microsoftonline.com/{0}/v2.0/.well-known/openid-configuration?p={1}",
        Configuration["Authentication:AzureAd:TenantId"], "mypolicy"),
    AuthenticationScheme = "mypolicy",
    Audience = Configuration["Authentication:AzureAd:ClientId"],
});
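As an added illustration (not code from the post or from the ASP.NET Core middleware), the following Python reproduces the key lookup that the JWT bearer middleware performs behind the scenes, using a constructed token header and constructed JWKS documents: the token's kid is searched only in the key set that the configured metadata document points to, so a metadata address without v2.0 and ?p=<policy> yields a key set that cannot contain the B2C signing key, which is what surfaces as IDX10501.

```python
import base64
import json


def b2c_metadata_address(tenant: str, policy: str) -> str:
    # B2C publishes one metadata document per sign-in policy on the v2.0 endpoint.
    return (f"https://login.microsoftonline.com/{tenant}/v2.0/"
            f".well-known/openid-configuration?p={policy}")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_kid(token: str) -> str:
    # The key id is carried in the JOSE header, the first dot-separated segment.
    return json.loads(_b64url_decode(token.split(".")[0]))["kid"]


def find_signing_key(jwks: dict, kid: str):
    # The middleware selects the JWK whose 'kid' equals the token's 'kid';
    # no match is what surfaces as IDX10501 / "The signature key was not found".
    return next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)


def diagnose(token: str, jwks_by_authority: dict) -> dict:
    # For each candidate metadata document, does its key set contain the token's kid?
    kid = token_kid(token)
    return {name: find_signing_key(jwks, kid) is not None
            for name, jwks in jwks_by_authority.items()}


# Constructed token: only the header is inspected, so payload and signature are dummies.
_HEADER = {"alg": "RS256", "typ": "JWT", "kid": "b2c-signing-key-1"}
SAMPLE_TOKEN = (base64.urlsafe_b64encode(json.dumps(_HEADER).encode())
                .rstrip(b"=").decode() + ".e30.dummy-signature")

# Constructed JWKS documents (key material abbreviated): the policy-specific B2C
# document carries the token's kid; the plain tenant document does not.
SAMPLE_JWKS = {
    "tenant (no v2.0, no policy)": {"keys": [{"kty": "RSA", "kid": "aad-key-1", "e": "AQAB", "n": "..."}]},
    "tenant/v2.0?p=mypolicy": {"keys": [{"kty": "RSA", "kid": "b2c-signing-key-1", "e": "AQAB", "n": "..."}]},
}

if __name__ == "__main__":
    print(b2c_metadata_address("mytenantid", "mypolicy"))
    for authority, found in diagnose(SAMPLE_TOKEN, SAMPLE_JWKS).items():
        print(f"{authority}: {'kid found' if found else 'kid NOT found -> IDX10501'}")
```

With a real token, pasting its header segment into token_kid and comparing against the keys_uri of each metadata document quickly shows which authority the API must be pointed at.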
