Deepak Sharma

Reputation: 1901

Using Microsoft Graph token to secure ASP.NET Core Web API with Jwt Bearer tokens

We have an ASP.NET Core Web API that I want to secure with a Microsoft Graph access token. The Graph token is valid, and when I make Graph calls with it, it works fine.

However, if I try to access the ASP.NET Core Web API, which is configured with JWT Bearer authentication, it gives the following error:

Bearer error="invalid_token", error_description="The signature key was not found

Am I missing some configuration, or is this a problem with the Graph token? Here is how the authentication is configured.

    // Inside Startup.ConfigureServices(IServiceCollection services)
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false,           // For multi tenant
                ValidateIssuerSigningKey = false,
                ValidateAudience = false          // This is for testing
            };
        });

The same configuration works fine with an Azure AD access token.

Upvotes: 3

Views: 1924

Answers (1)

Nan Yu

Reputation: 27588

We have an ASP.NET Core Web API that I want to secure with Microsoft Graph Access token

No, I suggest registering your web API as a resource protected by Azure AD.

A Microsoft Graph API token is used to access Microsoft Graph; Microsoft Graph's server side will validate the claims/signature after receiving the JWT token. In addition, I remember that Microsoft Graph API access tokens are signed differently from the JWT tokens issued by AAD for other resources. So let the Microsoft Graph API server side validate the token; the token should not be used to protect other APIs.

Your client app could use the OpenID Connect middleware and the Active Directory Authentication Library (ADAL.NET) to obtain a JWT bearer token for the signed-in user using the OAuth 2.0 protocol. The bearer token is passed to the web API, which validates the token and authorizes the user using the JWT bearer authentication middleware:

Calling a web API in an ASP.NET Core web application using Azure AD

Upvotes: 2
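The following is an added example, not code from the question or from Nan Yu's answer. It shows the JwtBearer configuration for a Web API that has its own Azure AD app registration, with issuer, audience, signing-key and lifetime validation switched on instead of off. The tenant ID and the API's application (client) ID are placeholders you replace with your own registration values; the v2.0 authority URL is the standard Azure AD endpoint.

```csharp
// Added example: protect an ASP.NET Core Web API with tokens Azure AD issues *for this API*.
// <tenant-id> and <api-client-id> are placeholders for your own app registration.
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class AzureAdApiAuth
{
    public static IServiceCollection AddAzureAdProtectedApi(this IServiceCollection services)
    {
        const string tenantId = "<tenant-id>";        // placeholder
        const string apiClientId = "<api-client-id>"; // placeholder: this Web API's registration

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // The handler fetches OpenID Connect metadata (including signing keys) from the
                // authority, so tokens AAD issued for this API can have their signature checked.
                options.Authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // Reject tokens from any other issuer.
                    ValidateIssuer = true,
                    ValidIssuer = $"https://login.microsoftonline.com/{tenantId}/v2.0",

                    // Reject tokens minted for another resource (e.g. a Graph token) by
                    // accepting only this API's own audience values.
                    ValidateAudience = true,
                    ValidAudiences = new[] { apiClientId, $"api://{apiClientId}" },

                    // Signature and lifetime must both check out.
                    ValidateIssuerSigningKey = true,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromMinutes(2)
                };
            });

        return services;
    }
}
```

For a multi-tenant API you keep `ValidateIssuer = true` but replace the fixed `ValidIssuer` with an `IssuerValidator` delegate that checks the issuer against the set of tenants you allow; turning issuer validation off entirely, as in the question, means any Azure AD tenant's tokens would be accepted.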
