0
votes

I have a client API which implements MSAL to fetch access token from Azure AD B2C. This API authenticates with AD B2C tenant using certificate and not secret. The issue is when I try to authenticate using root certificate which is uploaded in AD B2C and client certificate which is pass from the client API it fails with an exception.-

A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: 'FE5D9FEF5D0D528B8ED641727E903E50953D44CE', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id 'f3bfc1b2-f1b2-4552-9145-7019c8683a41'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/f3bfc1b2-f1b2-4552-9145-7019c8683a41'] Trace ID: 59cf24e3-96bb-48ca-8d4b-f8cf0e5d0e00 Correlation ID: 496261ed-31c3-46c1-9fdb-a59c966ddf3d Timestamp: 2020-12-28 08:16:12Z

1
Explain in detail what you setup, and how you generated your client_assertion. The error states that the assertion is signed by a certificate that isn’t registered against the servicePrincipal (enterprise application in the azure portal).Jas Suri - MSFT

1 Answers

0
votes

As far as I know, this error is usually caused by the fact that you did not encode the thumbprint correctly. After you obtain the thumbprint, please check your code to ensure that it is properly Base64 encoded.