I am migrating from ADAL to MSAL.
I have added the configuration below in an Angular 8 app:
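// msal-angular configuration (the auth/cache object shape and consentScopes
// option look like msal-angular 1.x — confirm the installed version).
// `isIE` and `protectedResourceMap` are defined elsewhere in this file.
MsalModule.forRoot({
  auth: {
    clientId: "xxxxx",
    // Tenant-scoped v1 authority. The version of the access token the API
    // receives is decided by the API's app registration, not by this URL;
    // the API's own Authority must match the token version it gets.
    authority: "https://login.microsoftonline.com/tenant",
    validateAuthority: true,
    // window.location.href is MSAL's default. Whatever value ends up here must
    // be registered on the app registration; a current URL that carries query
    // or fragment parts will not match the registered URI and the redirect
    // fails. NOTE(review): consider a fixed registered URI — with
    // navigateToLoginRequestUrl: true the user is still returned to the
    // page that started the login.
    redirectUri: window.location.href,
    postLogoutRedirectUri: "http://localhost:4200/",
    navigateToLoginRequestUrl: true
  },
  cache: {
    // localStorage keeps tokens across tabs and browser restarts and is
    // readable by any script running on the origin (XSS). Prefer
    // 'sessionStorage' unless cross-tab SSO is actually required.
    // TODO(review): confirm that requirement before changing.
    cacheLocation: 'localStorage',
    storeAuthStateInCookie: isIE, // set to true for IE 11
  },
},
{
  popUp: false,
  // Scopes the user is asked to consent to up front. The duplicated
  // 'Directory.AccessAsUser.All' entry has been removed. Keep this list to
  // what the app really needs (least privilege): User.ReadWrite and
  // Directory.AccessAsUser.All are broad, and the latter typically requires
  // admin consent. None of these Graph scopes yields a token for your own API.
  consentScopes: [
    'user.read',
    'openid',
    'profile',
    'User.ReadWrite',
    'User.ReadBasic.All',
    'User.Read.All',
    'Group.Read.All',
    'Directory.AccessAsUser.All'
  ],
  // Requests to these URLs are sent without a bearer token.
  unprotectedResources: ['https://www.microsoft.com/en-us/'],
  // Maps API URLs to the scopes the interceptor acquires tokens for; the
  // entry for your own API must use a scope exposed by the API's registration.
  protectedResourceMap,
  extraQueryParameters: {}
}),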
I am also verifying the setup by acquiring a token:
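// NOTE(review): these are Microsoft Graph delegated scopes, so the token
// returned has Graph as its audience and will be rejected by your own API.
// To call your API, request a scope exposed on the API's app registration.
const loginRequest = {
  scopes: ['user.read', 'openid', 'profile'],
};
// acquireTokenSilent returns a promise (msal-angular 1.x — confirm). The
// outcome is also broadcast below, so attach a no-op catch to avoid an
// unhandled-rejection warning without hiding anything the broadcast does
// not already report.
void this.authService.acquireTokenSilent(loginRequest).catch(() => undefined);
this.broadcastService.subscribe("msal:acquireTokenFailure", (payload) => {
  // Presumably an error code/description; still keep this out of production logs.
  console.info("acquire token failure " + JSON.stringify(payload));
});
this.broadcastService.subscribe("msal:acquireTokenSuccess", (payload) => {
  // The success payload carries the raw access/ID token. Do not stringify it
  // to the console: it lands in browser logs, screenshots and bug reports.
  // Inspect the payload in the debugger instead.
  console.info("acquire token success");
});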
On the .NET side I have written the following code:
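services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
    // Bound from the "AzureAd" configuration section. Fail fast on a missing
    // section instead of a NullReferenceException deep inside the JWT handler.
    AuthenticationOptions authSettings = Configuration.GetSection("AzureAd").Get<AuthenticationOptions>()
        ?? throw new InvalidOperationException("Missing 'AzureAd' configuration section.");

    // The handler downloads the OpenID Connect metadata from this authority and
    // validates the token's `iss` claim against the issuer published there. The
    // v1 endpoint (.../{tenant}) and the v2.0 endpoint (.../{tenant}/v2.0)
    // publish different issuers, so the authority version must match the
    // version of the token the client obtains. Never "fix" an issuer mismatch
    // with TokenValidationParameters.ValidateIssuer = false: that accepts
    // tokens from any tenant.
    options.Authority = authSettings.Authority;

    // Keeps the raw bearer token on the authentication properties after a
    // successful validation. Together with the "access_token" claim added
    // below, this puts a live credential on the principal — make sure the
    // principal is never serialized into logs, cookies or error pages.
    options.SaveToken = true;

    options.Events = new JwtBearerEvents
    {
        OnTokenValidated = context =>
        {
            // Add the access_token as a claim, as we may actually need it
            // (see the note on SaveToken above about not leaking it).
            if (context.SecurityToken is JwtSecurityToken accessToken &&
                context.Principal.Identity is ClaimsIdentity identity)
            {
                identity.AddClaim(new Claim("access_token", accessToken.RawData));
            }
            return Task.CompletedTask;
        },
        OnMessageReceived = context =>
        {
            // Browser WebSocket clients cannot set an Authorization header, so
            // SignalR passes the token as ?access_token=... . Accept it ONLY
            // for the hub paths; every other endpoint must use the header.
            // Query strings are commonly written to access logs, so scrub this
            // parameter from request logging on these paths.
            var accessToken = context.Request.Query["access_token"];
            var path = context.HttpContext.Request.Path;
            if (!string.IsNullOrEmpty(accessToken) &&
                (path.StartsWithSegments(SignalRHub) || path.StartsWithSegments(QuillHub)))
            {
                // Read the token out of the query string
                context.Token = accessToken;
            }
            return Task.CompletedTask;
        }
    };

    options.TokenValidationParameters = new TokenValidationParameters
    {
        // Both the client id and the App ID URI of this API should be valid
        // audiences: v2.0 tokens carry the client id in `aud`, v1 tokens carry
        // the App ID URI. `api://{clientId}` is Azure AD's default App ID URI;
        // TODO(review): confirm it matches the value on the "Expose an API"
        // page of the API's app registration. Issuer validation stays enabled
        // (default) and is driven by the Authority's metadata.
        ValidAudiences = new List<string> { authSettings.ClientId, $"api://{authSettings.ClientId}" },
    };
});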
Whenever I acquire a token I get `msal:acquireTokenSuccess`, but when I call the API with that token it rejects it with: "The issuer 'https://login.microsoftonline.com/tenantid/v2.0' is invalid".
What am I doing wrong?
It sounds like your back-end has the v1 authority configured but is receiving a v2 token. The JWT bearer handler validates the token's `iss` claim against the issuer published in the authority's OpenID Connect metadata, and the v1 and v2.0 endpoints publish different issuers, hence the "issuer is invalid" error. Do not work around it by setting `ValidateIssuer = false` — that would accept tokens from any tenant. Instead, change the authority in your API's config to:
https://login.microsoftonline.com/tenant/v2.0
Actually, that alone might not be enough. Your front-end is requesting Microsoft Graph delegated scopes (`user.read`, `openid`, `profile`), so the access token it gets has Microsoft Graph as its audience. Your API must not accept that token: even with the issuer fixed it would fail audience validation, and Graph access tokens are not meant to be validated by anything other than Graph. You need a token issued for your API — request one or more of the scopes registered on the Expose an API page of your API's app registration.
After you do that, you may get a v1 token again: the token version is determined by the API's app registration (its `accessTokenAcceptedVersion` manifest setting), not by the client. So fix the scopes first, then check which issuer the API actually receives before changing its authority.