[英]Azure B2C Bearer error=“invalid_token”, error_description=“The signature key was not found”
I took the Microsoft sample which is using client_credentials flow https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/tree/master/2-Call-OwnApi我采用了使用 client_credentials 流https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/tree/master/2-Call-OwnApi的 Microsoft 示例
and modified it using my values exactly as the guide says but i still get the following error when i try to access my API并完全按照指南所说的那样使用我的值对其进行了修改,但是当我尝试访问我的 API 时仍然出现以下错误
Bearer error="invalid_token", error_description="The signature key was not found" Bearer error="invalid_token", error_description="未找到签名密钥"
Any ideas what might be wrong here?任何想法这里可能有什么问题?
If you want to do some troubleshooting, you can drop the access token JWT into jsonwebtoken.io 232 and get the kid field from the jwt header. If you want to do some troubleshooting, you can drop the access token JWT into jsonwebtoken.io 232 and get the kid field from the jwt header. After you get the kid, you can check your authorization server's keys by going to https://[my okta org].com/oauth2/default/v1/keys
得到孩子后,您可以通过访问https://[my okta org].com/oauth2/default/v1/keys 检查授权服务器的密钥
This will give you the list of public keys by ID.这将为您提供按 ID 的公钥列表。 Hope this information helps you troubleshoot.
希望这些信息可以帮助您解决问题。 Let me know if you still have problems: Check a couple things for me:
如果您仍有问题,请告诉我:帮我检查几件事:
1: Are you setting the issuer in your widget / auth js? 1:您是否在您的小部件/auth js 中设置发行者? 2. If you are, is the issuer the same as your default authorization server?
2. 如果是,发行者是否与您的默认授权服务器相同? 3. Double check that the [my okta url] is correct
3. 仔细检查 [my okta url] 是否正确
I solved it by using the console application sample that Microsoft provided together with the Web API sample that microsoft provided as well, together they both work, i should't have tried to write my own code, its very tricky if you miss a tiny piece.我通过使用 Microsoft 提供的控制台应用程序示例以及 Microsoft 提供的 Web API 示例一起解决了这个问题,它们都可以工作,我不应该尝试编写自己的代码,如果你错过了一小部分,这将非常棘手. One thing i want to add, Microsoft says using api://GUID format as a scope, that seems wrong, or did not work with me,what worked is full url of the exposed API + /.default example
One thing i want to add, Microsoft says using api://GUID format as a scope, that seems wrong, or did not work with me,what worked is full url of the exposed API + /.default example
https://mydomain.onmicrosoft.com/myapiname , that works just fine. https://mydomain.onmicrosoft.com/myapiname ,效果很好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.