
I am trying to consume a web service. I need to get the token and send this token in the authorization header. I am getting the token, but on the server there is a problem because the token is v1 and they are working with v2.

This is the URL I am using to get the code:

https://login.microsoftonline.com/tenant/oauth2/v2.0/authorize?response_type=code&client_id=cliendId&redirect_uri=redirectURI&scope=openid+profile

and this is the URL to get the token:

https://login.microsoftonline.com/tenant/oauth2/v2.0/token with the code from the first callout in the authorization header.

This callout returns a token, but when I send the token to the WS I need to consume I get an error, and when I asked about the error they told me that the token I am sending is v1 and it needs to be v2.

This is my token's iss: `iss: "https://sts.windows.net/tenant/`

But it needs to be: `iss: "https://login.microsoftonline.com/tenant/v2.0`

The error on my side is:

Status=Unauthorized, StatusCode=401 Bearer error="invalid_token", error_description="The signature is invalid"

And on the server it is:

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler(Information): Bearer was not authenticated.

Do you have any workaround to get the v2 token?

  • Please mention the error information you are getting. Commented Jun 8, 2020 at 16:56
  • I just updated the post with the errors. Commented Jun 8, 2020 at 17:12

2 Answers

You need to set your App Registration to use v2 endpoint.

The Microsoft document which can help you is here, i.e., to force Azure AD to issue a V2 access token to some custom Web API, explicitly set accessTokenAcceptedVersion to 2.0 in its manifest.


Sounds like you may be getting the default token (with a 'nonce' field in the JWT header) which is designed to be used by the Graph API and will always fail validation in your own API.

The Azure AD 2.0 setup is pretty confusing but I have a blog post and some code that may help you. See steps 3 and 7 of the blog post to understand differences in the two types of access token:
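A diagnostic that both answers point to, as an added example (not code from the question, the answers or Microsoft): read a token's header and payload without verifying it, to see which issuer it carries (`sts.windows.net` for v1, `login.microsoftonline.com/<tenant>/v2.0` for v2) and whether the Graph-only `nonce` header field the second answer mentions is present. The sample tokens and the TENANT_ID / CLIENT_ID values are constructed placeholders, and nothing here checks the signature, so it is for inspection only.

```python
import base64
import json

# Issuer prefixes that distinguish Azure AD v1 and v2 tokens (values from the question).
V1_ISSUER_PREFIX = "https://sts.windows.net/"
V2_ISSUER_PREFIX = "https://login.microsoftonline.com/"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token: str) -> dict:
    """Read a JWT's header and payload WITHOUT verifying the signature.

    Diagnostic only: the result must never be used to grant access. It reports the
    token version implied by 'iss' and whether the header has the Graph-only 'nonce'.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    iss = payload.get("iss", "")
    if iss.startswith(V1_ISSUER_PREFIX):
        version = "v1"
    elif iss.startswith(V2_ISSUER_PREFIX) and iss.rstrip("/").endswith("/v2.0"):
        version = "v2"
    else:
        version = "unknown"
    return {
        "version": version,
        "iss": iss,
        "aud": payload.get("aud"),
        "alg": header.get("alg"),
        "graph_only": "nonce" in header,  # second answer: such tokens fail in your own API
    }


def make_unsigned_sample(header: dict, payload: dict) -> str:
    """Build a constructed, unsigned sample token (demonstration only, not a real token)."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc(header)}.{enc(payload)}.placeholder-signature"


# Constructed samples; TENANT_ID and CLIENT_ID are placeholders, not real identifiers.
V1_SAMPLE = make_unsigned_sample({"alg": "RS256", "typ": "JWT", "nonce": "placeholder"},
                                 {"iss": "https://sts.windows.net/TENANT_ID/", "aud": "https://graph.microsoft.com"})
V2_SAMPLE = make_unsigned_sample({"alg": "RS256", "typ": "JWT"},
                                 {"iss": "https://login.microsoftonline.com/TENANT_ID/v2.0", "aud": "api://CLIENT_ID"})
```

Run `inspect_token()` on the access token your client actually receives: a `v1` issuer or `graph_only: True` means the app registration is still handing out a token meant for Graph rather than for your API.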
