Azure AD B2C error - IDX10501: Signature validation failed
我在尝试使用Azure AD B2C验证My Web API时遇到困难。
我将从一些背景开始
我创建了使用Azure AD B2C对用户进行身份验证的移动应用程序。我正在创建一个显示以下URL的WebView:
Bearer error="invalid_token", error_description="The signature key was
not found"
我认为令牌足以授权API-我理解这是OAuth的重点。我想念什么吗?我应该有一些其他配置吗?我注意到配置缺少登录策略(这似乎是AD B2C名称所必需的,因此我尝试添加以下内容:
1 2 3 4 5 6 7 8 9 10 11 | var validationParameters = new TokenValidationParameters { AuthenticationType ="MY_POLICY", }; app.UseJwtBearerAuthentication(new JwtBearerOptions { Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"], Audience = Configuration["Authentication:AzureAd:Audience"], TokenValidationParameters = validationParameters }); |
但是这也不起作用。将不胜感激。
编辑
我在Visual Studio日志中发现以下错误:
Bearer was not authenticated. Failure message: IDX10501: Signature
validation failed. Unable to match 'kid': '...'
@juunas评论可以帮助我发现问题。我用提琴手检查了传出的请求,并通过这段代码发现了这一点:
Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"]
请求已发送到以下地址:
https://login.microsoftonline.com/MYTENANTID/.well-known/openid-configuration
以上有两个问题:
https://login.microsoftonline.com/MYTENANTID/v2.0/.well-known/openid-configuration
我设法通过删除" Authority"参数并将其配置auth函数更改为以下内容来工作:
1 2 3 4 5 6 7 | app.UseJwtBearerAuthentication(new JwtBearerOptions { MetadataAddress = string.Format("https://login.microsoftonline.com/{0}/v2.0/.well-known/openid-configuration?p={1}", Configuration["Authentication:AzureAd:TenantId"],"MYPOLICY"), AuthenticationScheme ="MYPOLICY", Audience = Configuration["Authentication:AzureAD:ClientId"], }); |