Bearer error="invalid_token", error_description="The signature key was not found" about ms-identity-javascript-angular-tutorial HOT 9 CLOSED

@jeevasusej no you can't. You'll need an access token for your web API (the aud claim in the token will be the clientId of your web API, and scp claim will be its scope that you've exposed during app registration).

The sample is already configured to do this (see the doc). In auth-config.ts, we have the protectedResources object:

export const protectedResources = {
  todoListApi: {
    endpoint: "https://localhost:44351/api/todolist",
    scopes: ["Enter_the_Web_Api_Scope_here"], // e.g. "api://<service-app-client-id>/access_as_user"
  },
}

Then in app.module.ts, we set protectedResourceMap object:

export function MSALInterceptorConfigFactory(): MsalInterceptorConfiguration {
  const protectedResourceMap = new Map<string, Array<string>>();

  protectedResourceMap.set(protectedResources.todoListApi.endpoint, protectedResources.todoListApi.scopes);

  return {
    interactionType: InteractionType.Redirect,
    protectedResourceMap
  };

from ms-identity-javascript-angular-tutorial.

Thank you @derisen

from ms-identity-javascript-angular-tutorial.

Also, when checking my JWT token, the KID (Key Id) is not present in the list I get from:

https://login.microsoftonline.com/{my tenant id}/discovery/v2.0/keys

it is only present when I request:
https://login.microsoftonline.com/{my tenant id}/discovery/v2.0/keys?appid={my api client id}

from ms-identity-javascript-angular-tutorial.

@peterbomdev this is an error I haven't encountered before. As a first step, can you confirm that:

• you have trusted the development certificates (see)
• you have set the accessTokenAcceptedVersion to 2 in your web API registration

Please also share your configuration files for SPA (auth-config.ts) and web API projects (appsettings.json), masking any client secrets.

from ms-identity-javascript-angular-tutorial.

This issue has not seen activity in 14 days. If your issue has not been resolved please leave a comment to keep this open. It will be closed in 7 days if it remains stale.

from ms-identity-javascript-angular-tutorial.

Yeah, I have gone with hectic days because of this issue.

Can you please post your client side code?

To be worked as expected, need to use like
Instead of the scope " scopes: ['openid', 'profile', 'User.Read']"
I have used scopes: ['openid', 'api://xxxxxxxxxxx/access_as_user']

User.Read adds nonce. Because of this, the token become invalid.

from ms-identity-javascript-angular-tutorial.

@jeevasusej ok that explains. You were sending the wrong access token to your web API, hence you got the "The signature key was not found" error. User.Read is a scope for Microsoft Graph, so the access token you get for that scope won't work for your web API. api://xxxxxxxxxxx/access_as_user is the scope you need to get an access token for to be able to call your backend.

When you request an access token, all the scopes you enter should belong to the same resource. If the scopes are mixed, you'll get an access token only for the first one. See this doc for more.

Let me know if you have any other issue.

from ms-identity-javascript-angular-tutorial.

Yes @derisen. Thank you for your explanation.
I have mixed the scope and got the token for the graph API not for the web api . That's why I have asked him to post the client side code.
Because of that I have lost many hours to find it. I missed to see your information from the DOC.

In any case, can we use the token for web api that is intended for the Graph API?

from ms-identity-javascript-angular-tutorial.

Closing this. Let us know if you have any other issues.

from ms-identity-javascript-angular-tutorial.