Library
- "@azure/msal-browser": "^2.1.0"
Description
I followed the example and get a Bearer error="invalid_token", error_description="The signature key was not found" error in the response when the SPA requests profile info from the backend API, and I have no idea how to resolve this because I checked everything and all looks good.
What I Have Done
I modified the backend's port number to 5001 (https, dev-cert installed), and I can confirm everything below is correct.
The backend API route path is /api/profile/
- SPA application
- registered in AAD
- client ID acquired
- redirect URL for oauth added to AAD
- API permission added (Backend API's "access_as_user")
authConfig.js fully configured, as follows:
export const msalConfig = {
    auth: {
        clientId: "SPA's client ID",
        authority: "https://login.microsoftonline.com/consumers",
        redirectUri: "http://localhost:3000"
    }
}
export const apiConfig = {
    resourceUri: "https://localhost:5001/api/profile",
    resourceScope: "api://Backend API's client ID/access_as_user"
}
- Backend API application
- registered in AAD
- client ID acquired
- client secret acquired
- API permission added (for graph API) to AAD
- API exposed for SPA, named "access_as_user", in AAD
- Manifest file: added SPA's client ID to the list of KnownClientApplications
appsettings.json fully configured, as follows:
"AzureAd": {
    "Domain": "my account domain in AAD",
    "ClientId": "Backend API's client ID",
    "ClientSecret": "Backend API's secret",
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "my tenant ID"
},
Error Info
The error occurs after a successful login, when the React SPA tries to call the backend API to get profile info. The frontend logging looks like this (I added the logging info myself):
App.js:18 CLICK LOGIN
authProvider.js:116 DO SIGN IN
authProvider.js:78 HANDLE RESPONSE
authProvider.js:91 ACQUIRING TOKEN
App.js:21 SIGN IN FINISHED
ProfileContainer.jsx:25 TOKEN ACQUIRED
serviceActions.js:9 TRY TO GET PROFILE, SENDING ACCESS TOKEN TO BE
serviceActions.js:10 GET https://localhost:5001/api/profile/XXXX (401 Unauthorized)
I can see the token Bearer XXXX in the request header when the SPA tries to GET profile info from the backend, and the failed request's response is:
www-authenticate: Bearer error="invalid_token", error_description="The signature key was not found"
The Token I Acquired in SPA
Here is a sample parsed token info that I acquired (after the successful login) and sent to backend API:
{
    "typ": "JWT",
    "alg": "RS256",
    "kid": "XXXX"
}
{
    "ver": "2.0",
    "iss": "https://login.microsoftonline.com/XXXX/v2.0",
    "sub": "XXXX",
    "aud": "I can confirm the audience here is backend API's client ID",
    "exp": 1601190191,
    "iat": 1601186291,
    "nbf": 1601186291,
    "name": "my name",
    "preferred_username": "my email",
    "oid": "my profile ID",
    "tid": "XXXX",
    "azp": "XXXX",
    "scp": "access_as_user",
    "azpacr": "0",
    "aio": "XXXX"
}
Any help would be really appreciated! I have been stuck on this for too long :(
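
A check for the condition the error message names, a token `kid` that is absent from the signing keys the API has loaded, written as an added example that is not part of the original post or of MSAL. It assumes the key set is the JSON document published at the `jwks_uri` of the authority the API trusts, fetched separately; `diagnoseToken`, the tenant names, key ids and audience below are hypothetical, constructed values.

```javascript
// Added example (not from the original post). All sample values are constructed.
const decodeSegment = (seg) =>
  JSON.parse(Buffer.from(seg.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8"));
const encodeSegment = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Compares the UNVERIFIED header and claims of an access token with what the
// API is configured to accept. It diagnoses mismatches only: it does not
// verify the signature and must not be used to authorize a request.
function diagnoseToken(rawToken, jwks, expected) {
  const parts = String(rawToken).replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) return ["not a compact JWT (expected 3 segments)"];
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const findings = [];
  const kids = (jwks.keys || []).map((k) => k.kid);
  if (!kids.includes(header.kid)) {
    findings.push(`kid "${header.kid}" is not in the key set [${kids.join(", ")}]`);
  }
  if (claims.iss !== expected.issuer) {
    findings.push(`iss "${claims.iss}" differs from expected "${expected.issuer}"`);
  }
  // aud may be a string or an array of strings in a JWT.
  if (![].concat(claims.aud).includes(expected.audience)) {
    findings.push(`aud "${claims.aud}" differs from expected "${expected.audience}"`);
  }
  return findings;
}

// Constructed sample: a token issued by one tenant, checked against the key
// set and issuer of another. The signature segment is a dummy value.
const sampleToken = [
  encodeSegment({ typ: "JWT", alg: "RS256", kid: "key-B" }),
  encodeSegment({ iss: "https://login.microsoftonline.com/tenant-B/v2.0",
                  aud: "api-client-id", scp: "access_as_user" }),
  "c2ln",
].join(".");
const sampleJwks = { keys: [{ kid: "key-A", kty: "RSA" }] };
const sampleExpected = { issuer: "https://login.microsoftonline.com/tenant-A/v2.0",
                         audience: "api-client-id" };

console.log(diagnoseToken("Bearer " + sampleToken, sampleJwks, sampleExpected));
```

An empty result means the header and claims are consistent with the supplied key set and configuration; signature validation itself still belongs to the API's token middleware.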