Azure B2C Invalid JWT Signature

Time:08-02

I'm using Azure B2C and, upon successful authentication, I've set it to redirect to jwt.io. The token header I'm seeing there is:

{
    "typ": "JWT",
    "alg": "RS256",
    "kid": "[censored]"
}

And all the claims are returned in the body, so that part is fine, I guess. But when I scroll to the bottom I have the following error message:

Invalid Signature

When I scroll back up and change the algorithm to any ha algorithm, it works.

If I understand correctly, Azure is sending out a ha decodable JWT but saying it's an RS256? I've read that Azure only supports ha tokens for custom policies, which I don't have.

Any help is appreciated :] Thank You!

CodePudding user response:

It's described here.

You need to get the key from the B2C .well-known/openid-configuration endpoint and then paste it in as per the article.
