I'm using Azure AD B2C for authentication for my NodeJS API. However, I keep receiving a 401 Unauthorized error from Azure AD B2C. When I add ignoreExpiration: true to my AAD auth options, I do not get a 401 Unauthorized error and my API works fine. However, once I remove the ignoreExpiration, I get the 401 Unauthorized error.

I even generated a new token and verified that it is valid (and not expired) by decoding the token using https://jwt.io/. I even made sure it has the correct scope. The API is running on my machine for now as I'm testing it using Postman. Can someone please help? Here is what my AAD options look like:

    var aad_auth_options = {
        identityMetadata: process.env.AADMetadataEndpoint,
        clientID: process.env.ClientId,
        audience: process.env.AADAudience,
        isB2C: true,
        validateIssuer: false,
        loggingLevel: 'info',
        passReqToCallback: false,
        policyName: process.env.PolicyName,
        // ignoreExpiration: true, // When uncommented, the authentication works as expected!
        loggingNoPII: false
    };
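
Added example (not part of the original post): a Node.js diagnostic that decodes a token's time claims (`exp`, `nbf`, `iat`) without verifying the signature and compares them with the machine clock, the comparison at issue when only `ignoreExpiration: true` makes validation pass. The function names, the skew parameter and the sample token are constructed for illustration.

```javascript
// Added diagnostic: decodes JWT time claims WITHOUT verifying the signature.
// Troubleshooting aid only; never base an authorization decision on it.

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS: expected 3 segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Compare exp/nbf/iat with nowSec (seconds since epoch), tolerating skewSec.
function checkTimeClaims(token, nowSec = Math.floor(Date.now() / 1000), skewSec = 0) {
  const { exp, nbf, iat } = decodeJwtPayload(token);
  const problems = [];
  if (typeof exp !== 'number') problems.push('exp missing or not a number');
  else if (nowSec - skewSec >= exp) problems.push(`expired ${nowSec - exp}s ago by local clock`);
  if (typeof nbf === 'number' && nowSec + skewSec < nbf)
    problems.push(`not valid for another ${nbf - nowSec}s by local clock`);
  if (typeof iat === 'number' && iat - nowSec > skewSec)
    problems.push(`iat is ${iat - nowSec}s in the future: local clock may be behind`);
  return {
    ok: problems.length === 0,
    problems,
    secondsUntilExpiry: typeof exp === 'number' ? exp - nowSec : null,
  };
}

// Constructed sample token: placeholder signature, claims chosen for the demo.
function makeSampleToken(claims) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(claims)}.constructed-placeholder`;
}

const issued = 1700000000; // constructed issue time
const sample = makeSampleToken({ iat: issued, nbf: issued, exp: issued + 3600 });

// Same token seen by three clocks: correct, 2 hours fast, 10 minutes slow.
console.log(checkTimeClaims(sample, issued + 60));
console.log(checkTimeClaims(sample, issued + 7200));
console.log(checkTimeClaims(sample, issued - 600));
```

Run `checkTimeClaims` on the API host with the real bearer token and no `nowSec` argument to compare the claims with that machine's own clock.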