Hi All,
I have written the same code that is in the document (https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-client-assertions). I was able to generate the client assertion, but when I test it in Postman to get the access token, I get the error below:
{
"error": "invalid_client",
"error_description": "AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id 'xxxxxxxxxxxxxxxxxxxxxxxxxx'. Review the documentation at https://learn.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://learn.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/xxxxxxxxxxxxxxxxxxxxx'].\r\nTrace ID: cb24f62e-410b-4ce0-bef5-b4b28d1f8001\r\nCorrelation ID: 987a0c7a-3be6-4b0b-8f66-39ce19294f91\r\nTimestamp: 2022-07-04 07:47:39Z",
"error_codes": [
700027
],
"timestamp": "2022-07-04 07:47:39Z",
"trace_id": "cb24f62e-410b-4ce0-bef5-b4b28d1f8001",
"correlation_id": "987a0c7a-3be6-4b0b-8f66-39ce19294f91",
"error_uri": "https://login.microsoftonline.com/error?code=700027"
}
Some suggested passing the base64url-encoded form of the certificate's thumbprint in the x5t body parameter, but I am still getting the same error.
I also referred to the solution from https://learn.microsoft.com/en-us/answers/questions/346048/how-to-get-access-token-from-client-certificate-ca.html.
@sikumars-msft @Givary-MSFT
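
One way to check an AADSTS700027 thumbprint mismatch offline, as an added example that is not part of the original post or of the Microsoft documentation: decode the `x5t` value from the client assertion's JWT header and compare it with the hex thumbprint of the certificate registered on the application. The function names, the result strings and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import json


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def x5t_from_der(cert_der):
    # RFC 7515 x5t: base64url of the SHA-1 digest of the DER-encoded certificate.
    return b64url_encode(hashlib.sha1(cert_der).digest())


def x5t_from_hex(thumbprint_hex):
    # Hex thumbprint (as displayed for a registered key) converted to x5t form.
    return b64url_encode(bytes.fromhex(thumbprint_hex.replace(":", "")))


def diagnose(assertion, registered_hex):
    """Compare the x5t in a client assertion's JWT header with a registered thumbprint."""
    registered_hex = registered_hex.replace(":", "").replace(" ", "").upper()
    header = json.loads(b64url_decode(assertion.split(".")[0]))
    x5t = header.get("x5t")
    if not x5t:
        return "missing-x5t"
    if x5t == x5t_from_hex(registered_hex):
        return "match"
    raw = b64url_decode(x5t)
    # Possible encoding slip: the 40-character hex string was encoded as text,
    # so the value decodes to 40 ASCII bytes instead of the 20-byte digest.
    if len(raw) == 40 and raw.decode("ascii", "replace").upper() == registered_hex:
        return "hex-text-encoded"
    return "mismatch: assertion carries thumbprint " + raw.hex().upper()


def make_assertion(x5t):
    # Constructed sample: only the header matters here; payload and signature are dummies.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT", "x5t": x5t}).encode())
    return header + "." + b64url_encode(b"{}") + ".c2ln"


if __name__ == "__main__":
    der = b"constructed bytes standing in for a DER certificate"
    registered = hashlib.sha1(der).hexdigest().upper()
    print(diagnose(make_assertion(x5t_from_der(der)), registered))
    print(diagnose(make_assertion(b64url_encode(registered.encode())), registered))
```

A `mismatch` result means the assertion was signed with a different certificate than the one whose thumbprint was supplied, or that the registered certificate was uploaded to a different application or tenant.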