0
votes

I have a React app, which can log a user in via Azure AD. After that, I created a request from the React app to my .NET Core MVC app with an Authorize header. But when I added the [Authorize] attribute to my controller, I get this error:

Bearer error="invalid_token", error_description="The signature is invalid"

All I need is for my backend app to only check the scope or role from the JWT token and allow it to get some data. I know that the JWT is correct and the React app logs the user in without any problems.

Similar issue to this one: https://forum.ionicframework.com/t/validating-token-signatures-in-asp-net-core/108226

1
Did you register your API in your AD tenant? - DFord

You mean my .NET Core app? - Roma Pavliuk

Yes, your .NET Core app. - DFord

Nope. I registered only my React app. If I need to register the .NET Core app, I don't understand the whole flow... Now it's: React -> get token from Azure AD -> add Authorize header -> .NET Core app request. The .NET Core app should only check roles and claims from the JWT token and that's it. What is wrong in this flow? - Roma Pavliuk

Also, do you have the correct signing key in your .NET Core app? - DFord

1 Answer

1
votes

I summarize the comments and post it as an answer:

Usually the 401 error means that the audience of your token does not match your API. When you use the token to call the API, you will receive a 401 Unauthorized error. The access token is issued based on the audience, so you must make sure to set the scope to your API when you request the token. Of course you can also parse the token, check the aud claim, and make sure it is the API you want to call.

When you expose an API protected by Azure, you need to set the scope to your custom API, usually api://{api app client id}/scope name, and then you need to add the client application to the API application.

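As an added example (not code from the question or the answer), this is how the API side could apply the advice above in ASP.NET Core: it lets the JWT bearer handler fetch the tenant's signing keys via Authority, accepts only the API's own audience, logs the real reason a token is rejected, and gates controllers on a scope claim. The tenant id, the API client id and the scope name Data.Read are placeholders you would replace with your own registration values.

```csharp
// Program.cs for the .NET Core API (ASP.NET Core 6+ minimal hosting). <tenant-id> and
// <api-app-client-id> are placeholders: the API needs its own app registration, separate from the React app.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

const string TenantId = "<tenant-id>";
const string ApiClientId = "<api-app-client-id>";
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Authority makes the handler fetch the tenant's OpenID Connect metadata and signing
        // keys itself; a wrong or missing authority makes genuine tokens fail the signature check.
        options.Authority = $"https://login.microsoftonline.com/{TenantId}/v2.0";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Accept both aud formats Azure AD issues for this API:
            // v1.0 tokens carry "api://<client-id>", v2.0 tokens carry the bare client id.
            ValidAudiences = new[] { $"api://{ApiClientId}", ApiClientId },
        };
        options.Events = new JwtBearerEvents
        {
            // Log the real validation exception (bad signature, wrong audience, expired)
            // instead of relying on the terse WWW-Authenticate header the client sees.
            OnAuthenticationFailed = ctx =>
            {
                ctx.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>()
                   .LogWarning(ctx.Exception, "JWT rejected");
                return Task.CompletedTask;
            }
        };
    });

builder.Services.AddAuthorization(options =>
{
    // Require the delegated scope "Data.Read" (assumed name). Check the raw "scp" claim and
    // the URI that the default inbound claim mapping renames it to.
    options.AddPolicy("DataRead", policy => policy.RequireAssertion(ctx =>
        ctx.User.FindAll(c => c.Type == "scp" || c.Type == "http://schemas.microsoft.com/identity/claims/scope")
           .Any(c => c.Value.Split(' ').Contains("Data.Read"))));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers(); // controllers use [Authorize(Policy = "DataRead")]
app.Run();
```

With this in place, the warning logged by OnAuthenticationFailed tells you whether the 401 is really a signature problem or an audience mismatch, which is the distinction the comments and the answer are circling around.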