Tags: oauth-2.0, azure-active-directory, postman, jwt

JWT token. Error "AADSTS700027: Client assertion contains an invalid signature"


I need to get an OAuth2 access token from Azure Active Directory. For this, I am using the certificate-based method. I have uploaded the .crt file to Azure AD and got the certificate thumbprint from the Azure AD UI.

Now I am generating a JWT token from JWT.io and trying it using Postman. But I always get the following error: "AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client"

I am not sure what could be causing this. In JWT.io I am entering Base64 encoded thumbprint of public certificate (which I uploaded on Azure AD) as x5t parameter. This thumbprint I got from Azure portal UI as mentioned above.

In JWT.io I am entering public (crt) and private (key) certificates under "Verify Signature" and can see that the signature has matched.

Please let me know if anyone has any idea about this.


Solution

  • As far as I know, this error is usually caused by the fact that you did not encode the thumbprint correctly. After you obtain the thumbprint, please check your code to ensure that it is properly Base64 encoded.

    Check the format of your JWT token at https://jwt.io/; you can refer to this and to the certificate credentials:

    Header

    {
      "alg": "RS256",
      "typ": "JWT",
      "x5t": "<Base64 Thumbprint>"
    }
    

    Payload

    {
      "iss": "<clientid>",
      "sub": "<clientid>",
      "exp": 1570838377,
      "jti": "<random unique identifier>",
      "aud": "https://<token-endpoint>"
    }

    (exp is the expiration time as a Unix timestamp.)

    Drop your private key into the bottom verifier, which will sign your JWT in the "Encoded" window.

    I found some cases for your reference, I hope it can help you: https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/320069/authentication-to-dynamics-365-using-azure-apps and https://github.com/AzureAD/passport-azure-ad/issues/453
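The "key was not found" reason in AADSTS700027 almost always means the x5t header does not match the SHA-1 thumbprint Azure AD computed over the uploaded certificate. The portal shows that thumbprint as hex; x5t must be the base64url encoding of the raw digest bytes, not base64 of the hex text. The following is an added example (not code from the question or answer above) that derives x5t both from a PEM certificate and from the portal's hex thumbprint, shows the wrong encoding beside it, and assembles the unsigned assertion; `client_id`, `token_endpoint` and the PEM input are assumed placeholders, and RS256 signing itself needs an RSA library and is left out.

```python
import base64
import hashlib
import json
import time
import uuid


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE requires for x5t and JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour lines and decode the body to DER bytes."""
    body = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


def x5t_from_der(der: bytes) -> str:
    """x5t = base64url(SHA-1(DER certificate)); this is what Azure AD compares."""
    return b64url(hashlib.sha1(der).digest())


def x5t_from_portal_thumbprint(hex_thumbprint: str) -> str:
    """The portal shows the same SHA-1 digest as hex: decode to bytes, then base64url."""
    return b64url(bytes.fromhex(hex_thumbprint.replace(" ", "")))


def wrong_x5t(hex_thumbprint: str) -> str:
    """The common mistake: base64 of the hex *text*, which matches no uploaded key."""
    return base64.b64encode(hex_thumbprint.encode("ascii")).decode("ascii")


def build_assertion_parts(client_id, token_endpoint, x5t, now=None, jti=None):
    """Return (header, payload, signing_input) for the client assertion.
    signing_input is the string RS256 signs with the certificate's private key."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT", "x5t": x5t}
    payload = {
        "iss": client_id,
        "sub": client_id,
        "exp": now + 600,  # short lifetime limits replay of a leaked assertion
        "jti": jti or str(uuid.uuid4()),
        "aud": token_endpoint,
    }
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    return header, payload, enc(header) + "." + enc(payload)
```

Compare `x5t_from_portal_thumbprint` with `wrong_x5t` for your own thumbprint; if the JWT you pasted into JWT.io carries the second form, that is the cause of the error.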