无法针对 Microsoft Graph API 颁发的令牌验证 Azure AD B2C 的签名
Azure AD B2C's signature cannot be validated for tokens issued by Microsoft Graph API
三天来,我一直在尝试为以下代码验证 Graph API 令牌时遇到的异常找到解决方案:
var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(
$"{_authenticationSettings.Authority}/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever());
var config = await configManager.GetConfigurationAsync();
_validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = config.SigningKeys,
ValidateAudience = true,
// Audience MUST be the app ID aka clientId
ValidAudience = _authenticationSettings.ClientId,
ValidateIssuer = true,
ValidIssuer = config.Issuer,
ValidateLifetime = true
};
var tokenHandler = new JwtSecurityTokenHandler();
var result = tokenHandler.ValidateToken(authHeader.Parameter, _validationParameters, out var jwtToken);
调用ValidateToken
时出现异常,如下:
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException:
'IDX10511: Signature validation failed. Keys tried:
'System.Text.StringBuilder'. kid: 'System.String'. Exceptions
caught: 'System.Text.StringBuilder'. token:
'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.'
我真的 运行 不知道为什么会发生这种情况。有解决此问题的想法或建议吗?
包是:
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.8.0" />
<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.8.0" />
甚至也没有定论
从图中验证令牌 API 与标准 OIDC 令牌有点不同。
有关详细信息,请参阅以下内容:
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/609
图 API 令牌不能也不应该被验证,因此签名验证失败。请参阅 this answer on GitHub。
三天来,我一直在尝试为以下代码验证 Graph API 令牌时遇到的异常找到解决方案:
var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(
$"{_authenticationSettings.Authority}/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever());
var config = await configManager.GetConfigurationAsync();
_validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = config.SigningKeys,
ValidateAudience = true,
// Audience MUST be the app ID aka clientId
ValidAudience = _authenticationSettings.ClientId,
ValidateIssuer = true,
ValidIssuer = config.Issuer,
ValidateLifetime = true
};
var tokenHandler = new JwtSecurityTokenHandler();
var result = tokenHandler.ValidateToken(authHeader.Parameter, _validationParameters, out var jwtToken);
调用ValidateToken
时出现异常,如下:
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: 'IDX10511: Signature validation failed. Keys tried: 'System.Text.StringBuilder'. kid: 'System.String'. Exceptions caught: 'System.Text.StringBuilder'. token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.'
我真的 运行 不知道为什么会发生这种情况。有解决此问题的想法或建议吗?
包是:
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.8.0" />
<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.8.0" />
甚至
从图中验证令牌 API 与标准 OIDC 令牌有点不同。
有关详细信息,请参阅以下内容: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/609
图 API 令牌不能也不应该被验证,因此签名验证失败。请参阅 this answer on GitHub。