I am using this package to authenticate the user from the react native mobile app. After acquiring the access token I am sending it to my .net WebAPI which tries to call ConfidentialClientApplication.AcquireTokenOnBehalfOf. Both the react native mobile app and the webapi are using the same client id from the azure app registration and scopes.
public async Task<AuthenticationResult> AquireTokenOnBehalfOf(IEnumerable<string> scopes, string jwt)
{
var userAssertion = new UserAssertion(jwt);
var res = await ConfidentialClientApplication.AcquireTokenOnBehalfOf(scopes, userAssertion).ExecuteAsync();
return res;
}
It returns the below error:
Microsoft.Identity.Client.MsalUiRequiredException: 'AADSTS50013: Assertion failed signature validation. [Reason - The provided signature value did not match the expected signature value., Thumbprint of key used by client: '9CEA37643ACE0D710AD63296857B251D1FCA5C48', Found key 'Start=12/21/2020 20:50:17, End=12/20/2025 20:50:17'] Trace ID: a03a5cf8-8d05-4bd2-a47a-ce3a1ce70e00 Correlation ID: 8b42b1c2-21bc-4d63-9b90-bafb81f83d32 Timestamp: 2021-02-23 14:13:26Z'
I have Azure AD app setup as per this. I am not using the JWT bearer middleware though, but rather receiving the access token from the client and using it create a UserAssertion and call ConfidentialClientApplication.AcquireTokenOnBehalfOf
Am I misconfiguring something?
Thanks
I got this working by carefully following the example here. I hadn't configured what was required in the "Expose an API" blade of the app registration and subsequently hadn't added the new api permissions.