azure ad access token audinece and issuer are "aud": "00000003-0000-0000-c000-000000000000", "iss": "https://sts.windows.net and signature is failing.

Question

question

VenkataModha-4491 asked Apr 29, '22 VenkataModha-4491 answered May 2, '22

azure ad access token audinece and issuer are "aud": "00000003-0000-0000-c000-000000000000", "iss": "https://sts.windows.net and signature is failing.

unable to validate the signature of my access token return by azure ad. In the access token it is showing "aud": "00000003-0000-0000-c000-000000000000",
"iss": "https://sts.windows.net/mytentid. and also I changed the app's manifest variable (acessTokenAcceptedVersion to 2) but still I am getting a version 1 access token. how to change my aud and issuer and version in the access token to validate the signature. or any other alternative to validate the token with "aud": "00000003-0000-0000-c000-000000000000",
"iss": "https://sts.windows.net/mytenentid.

azure-ad-graph azure-ad-conditional-access

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2022-04-29T11:37:54.303Z

michev answered Apr 29, '22 VenkataModha-4491 commented Apr 29, '22

Post your "request token" function? You seem to be requesting a token against the old endpoint, use https://login.microsoftonline.com/ instead, or better yet the MSAL methods directly.

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VenkataModha-4491 · Apr 29 at 12:19 PM

async acquireTokenSilent({ commit, dispatch }) {
try {
const silentRequest = {
scopes: process.env.VUE_APP_scopes.split(','),
account: msalInstance.getAllAccounts()[0]
}
const tokenResponse = await msalInstance.acquireTokenSilent(silentRequest);
updateStore(commit, tokenResponse);
} catch (error) {
if (error.name === 'InteractionRequiredAuthError') {
dispatch('login');
} else {
console.log(error);
}
}
}

async login({ commit }) {
try {
const tokenResponse = await msalInstance.loginPopup(loginRequest);
updateStore(commit, tokenResponse);
} catch (error) {
console.log(error);
}
}
const msalConfig = {
auth: {
clientId: process.env.VUE_APP_clientId,
authority: process.env.VUE_APP_tenant,
redirectUri: process.env.VUE_APP_redirectUri,
},
cache: {
cacheLocation: 'sessionStorage',
storeAuthStateInCookie: false
}
}

0 ·

Answer 2 · 2022-05-02T05:28:32.97Z

VenkataModha-4491 answered May 2, '22

const msalConfig = {
auth: {
clientId: process.env.VUE_APP_clientId,
authority: process.env.VUE_APP_tenant,
redirectUri: process.env.VUE_APP_redirectUri,
},
cache: {
cacheLocation: 'sessionStorage',
storeAuthStateInCookie: false
}
}

const msalInstance = new PublicClientApplication(msalConfig);

const updateStore = (commit, response) => {
const userDetails = {
token: response.accessToken,
name: response.account.name,
email: response.account.userName
};
commit('setUser', userDetails);
localStorage.setItem('user', JSON.stringify(userDetails));
}

const loginRequest = {
scopes: process.env.VUE_APP_scopes.split(',')
};

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question