VenkataModha-4491 asked VenkataModha-4491 answered

Azure AD access token audience and issuer are "aud": "00000003-0000-0000-c000-000000000000", "iss": "https://sts.windows.net and signature is failing.

Unable to validate the signature of my access token returned by Azure AD. In the access token it is showing "aud": "00000003-0000-0000-c000-000000000000", "iss": "https://sts.windows.net/mytenantid". I also changed the app's manifest variable (accessTokenAcceptedVersion to 2), but I am still getting a version 1 access token. How can I change my aud, issuer and version in the access token to validate the signature? Or is there any other alternative to validate the token with "aud": "00000003-0000-0000-c000-000000000000", "iss": "https://sts.windows.net/mytenantid"?


michev answered VenkataModha-4491 commented

Post your "request token" function? You seem to be requesting a token against the old endpoint, use https://login.microsoftonline.com/ instead, or better yet the MSAL methods directly.


// Vuex actions that request tokens through MSAL
const actions = {
  async acquireTokenSilent({ commit, dispatch }) {
    try {
      const silentRequest = {
        scopes: process.env.VUE_APP_scopes.split(','),
        account: msalInstance.getAllAccounts()[0]
      };
      const tokenResponse = await msalInstance.acquireTokenSilent(silentRequest);
      updateStore(commit, tokenResponse);
    } catch (error) {
      // Fall back to an interactive login when silent acquisition is not possible
      if (error.name === 'InteractionRequiredAuthError') {
        dispatch('login');
      } else {
        console.log(error);
      }
    }
  },

  async login({ commit }) {
    try {
      const tokenResponse = await msalInstance.loginPopup(loginRequest);
      updateStore(commit, tokenResponse);
    } catch (error) {
      console.log(error);
    }
  }
};

const msalConfig = {
  auth: {
    clientId: process.env.VUE_APP_clientId,
    authority: process.env.VUE_APP_tenant,
    redirectUri: process.env.VUE_APP_redirectUri,
  },
  cache: {
    cacheLocation: 'sessionStorage',
    storeAuthStateInCookie: false
  }
};

VenkataModha-4491 answered

import { PublicClientApplication } from '@azure/msal-browser';
// `router` is the app's Vue Router instance; its import is not shown in the post.

const msalConfig = {
  auth: {
    clientId: process.env.VUE_APP_clientId,
    authority: process.env.VUE_APP_tenant,
    redirectUri: process.env.VUE_APP_redirectUri,
  },
  cache: {
    cacheLocation: 'sessionStorage',
    storeAuthStateInCookie: false
  }
};

const msalInstance = new PublicClientApplication(msalConfig);

// Copy the token and account details into the Vuex store and localStorage
const updateStore = (commit, response) => {
  const userDetails = {
    token: response.accessToken,
    name: response.account.name,
    // msal-browser's AccountInfo exposes `username` (lowercase)
    email: response.account.username
  };
  commit('setUser', userDetails);
  localStorage.setItem('user', JSON.stringify(userDetails));
};

// The requested scopes decide which resource the access token is issued for
const loginRequest = {
  scopes: process.env.VUE_APP_scopes.split(',')
};

const actions = {
  async login({ commit }) {
    try {
      const tokenResponse = await msalInstance.loginPopup(loginRequest);
      updateStore(commit, tokenResponse);
    } catch (error) {
      console.log(error);
    }
  },
  logout({ commit }) {
    sessionStorage.clear();
    localStorage.removeItem('user');
    commit('logout');
    router.push({ name: 'login' });
  },
  async acquireTokenSilent({ commit, dispatch }) {
    try {
      const silentRequest = {
        scopes: process.env.VUE_APP_scopes.split(','),
        account: msalInstance.getAllAccounts()[0]
      };
      const tokenResponse = await msalInstance.acquireTokenSilent(silentRequest);
      updateStore(commit, tokenResponse);
    } catch (error) {
      // Fall back to an interactive login when silent acquisition is not possible
      if (error.name === 'InteractionRequiredAuthError') {
        dispatch('login');
      } else {
        console.log(error);
      }
    }
  }
};

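Added example, not part of the thread: a diagnostic that decodes (without verifying) the header and claims of a token like the one in the question and reports whether this application is the party that should validate it. It relies on 00000003-0000-0000-c000-000000000000 being the Microsoft Graph application ID and on Graph-issued tokens carrying a `nonce` in the JWT header. The function names, tenant ID and API ID are hypothetical, and the sample tokens are constructed.

```javascript
// Added example, not code from the thread. Decodes a token WITHOUT verifying
// it, only to show which resource the token was issued for.
const GRAPH_AUDIENCES = [
  '00000003-0000-0000-c000-000000000000', // Microsoft Graph application ID
  'https://graph.microsoft.com',
];

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// expectedAudiences: audience value(s) of your own API (assumption: known
// from its app registration).
function describeAccessToken(jwt, expectedAudiences) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  const findings = [];
  if (GRAPH_AUDIENCES.includes(claims.aud)) {
    findings.push('aud is Microsoft Graph: Graph validates this token, not this app');
  } else if (!expectedAudiences.includes(claims.aud)) {
    findings.push(`aud ${claims.aud} is not one of this API's audiences`);
  }
  if ('nonce' in header) {
    findings.push('JWT header has a nonce: generic signature validation fails');
  }
  const { aud, iss, ver } = claims;
  return { aud, iss, ver, validateHere: findings.length === 0, findings };
}

// Constructed sample tokens (fake tenant and API IDs, dummy signature).
const TENANT = '11111111-1111-1111-1111-111111111111';
const API = '22222222-2222-2222-2222-222222222222';
const makeToken = (header, claims) => `${b64url(header)}.${b64url(claims)}.sig`;
const graphToken = makeToken(
  { alg: 'RS256', typ: 'JWT', nonce: 'constructed' },
  { aud: GRAPH_AUDIENCES[0], iss: `https://sts.windows.net/${TENANT}/`, ver: '1.0' });
const apiToken = makeToken(
  { alg: 'RS256', typ: 'JWT' },
  { aud: API, iss: `https://login.microsoftonline.com/${TENANT}/v2.0`, ver: '2.0' });

console.log(describeAccessToken(graphToken, [API]));
console.log(describeAccessToken(apiToken, [API]));
```

When `validateHere` is false because the audience is Graph, the token version and audience follow from the scopes requested (here `VUE_APP_scopes`), and `accessTokenAcceptedVersion` applies to the app registration of the API named in `aud`. A token your own API can validate is obtained by requesting a scope that your API exposes.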