I'm trying to set up a frontend React app service and a backend Node app service, which both require authentication, according to this tutorial.
I've followed the steps except that I needed to set "loginParameters": ["response_type=code id_token", "scope=openid api://<backend app id>/user_impersonation"] instead of additionalLoginParams since my app uses auth v2.
When my frontend app calls my backend api I get the following error
{"code":401,"message":"IDX10205: Issuer validation failed. Issuer: '[PII is hidden]'. Did not match: validationParameters.ValidIssuer: '[PII is hidden]' or validationParameters.ValidIssuers: '[PII is hidden]'."}
I don't know how to debug this as the useful information in the response is hidden and I can't find a way to show it when using Node. I have inspected the token and the issuer is https://sts.windows.net/<tenant id>/, but I don't know what's expected or how to set ValidIssuer.
What I do for authentication code-wise is calling /.auth/me from frontend after login to receive an access token and this token is passed to the backend api in the header as Authentication: Bearer <access_token>. I'm expecting Azure to handle everything else according to the settings made in the linked tutorial. Is this correct?
How can I debug this issue?
EDIT
This is how the Expose an API page of backend app registration looks.
This is the data of my access token.
/.auth/me to get my token as mentioned in the question. – Anton
api:// prefix scope=openid {back-end api client id}/.default 2. Provide me with a screenshot of your expose an api. – Carl Zhao
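An added example, not part of the original question or its comments: a Node script that decodes the access token locally and reports the `iss`, `aud` and `ver` claims that the IDX10205 message hides, then compares `iss` with the issuer the backend is configured to accept. The `configuredIssuer` argument, the tenant id, the audience and the v2.0 issuer used in the sample call are constructed assumptions; substitute the issuer URL from your own backend authentication settings.

```javascript
// Decode the payload segment of a JWT WITHOUT verifying the signature.
// For local debugging only; never base an authorization decision on this.
function decodeClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Microsoft identity platform tokens carry one of two issuer formats,
// depending on the token version the API's app registration requests.
function issuerFormat(iss) {
  if (/^https:\/\/sts\.windows\.net\/[^/]+\/$/.test(iss)) return 'v1';
  if (/^https:\/\/login\.microsoftonline\.com\/[^/]+\/v2\.0$/.test(iss)) return 'v2';
  return 'unknown';
}

// Compare the token's issuer with the one the backend is configured to accept.
// configuredIssuer is an assumption: copy it from your own auth settings.
function diagnose(token, configuredIssuer) {
  const { iss, aud, ver } = decodeClaims(token);
  const tokenFmt = issuerFormat(iss);
  const configFmt = issuerFormat(configuredIssuer);
  let hint;
  if (iss === configuredIssuer) hint = 'issuer matches; check aud next';
  else if (tokenFmt !== configFmt) hint = `token is ${tokenFmt} format, config expects ${configFmt}`;
  else hint = 'same format, different tenant or stray characters';
  return { iss, aud, ver, tokenFmt, configFmt, issuerMatches: iss === configuredIssuer, hint };
}

// Constructed sample token: placeholder tenant id, placeholder audience, dummy signature.
const TENANT = '00000000-0000-0000-0000-000000000000';
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleToken = [
  b64({ alg: 'RS256', typ: 'JWT' }),
  b64({ iss: `https://sts.windows.net/${TENANT}/`, aud: 'api://backend-app-id', ver: '1.0' }),
  'dummy-signature',
].join('.');

// Constructed configuration value: a v2.0 issuer for the same tenant.
console.log(diagnose(sampleToken, `https://login.microsoftonline.com/${TENANT}/v2.0`));
```

Run it against the token returned by /.auth/me; a format mismatch in the output means the token version and the configured issuer disagree, while a match points the investigation at the `aud` claim instead.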