JWT validation failure error in azure apim

二次信任 submitted on 2021-01-28 05:25:45

Question


I am currently trying to implement OAuth 2.0 to protect an API using the documentation below:

https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

And currently using the Demo Conference API provided by Azure APIM to test the implementation.

And currently receiving an error during testing in the developer portal:

"message": "JWT Validation Failed: Claim value mismatch: aud=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx.."

Compared the token passed with the claim value by decoding it, and it's matching.

I have the JWT token validation policy as below:

<inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="false" require-signed-tokens="false">
            <openid-config url="https://login.microsoftonline.com/xxxxxxxxx-07c8-xxxxx-xxxx-xxxxxxxxx/.well-known/openid-configuration" />
            <required-claims>
                <claim name="aud" match="all" separator="-">
                    <value>xxxxxxxx-xxxxx-489e-a26e-xxxxxxxx</value>
                </claim>
            </required-claims>
        </validate-jwt>
</inbound>

Answer 1:


First, you need to validate your JWT token. Then, when we register an application, it gets registered with version V1, and the access token issuer comes with the sts URL; if we try to pass an access token with V2, it fails, as the V2 issuer is login.microsoft.com.

So the fix is to go into the manifest file and set "accessTokenAcceptedVersion": 2 for registered applications in AD. Refer to this issue.
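
An added troubleshooting example (not part of the original answer, and not Azure tooling): it decodes a token's payload and compares its `ver`, `iss` and `aud` claims with the values a validate-jwt policy expects, which shows whether a v1.0 or v2.0 token was issued. The tenant and client IDs, the sample tokens and all function names are constructed assumptions; the payload is decoded without verifying the signature, so this is for diagnosis only.

```python
import base64
import json

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims):
    """Build an unsigned sample token (constructed test data only)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), ""])

def decode_claims(token):
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, expected_aud, expected_iss):
    """Return a list of claim mismatches that would make validation fail."""
    claims = decode_claims(token)
    ver = claims.get("ver")
    findings = []
    if claims.get("iss") != expected_iss:
        findings.append("iss=%r (ver=%r), expected %r"
                        % (claims.get("iss"), ver, expected_iss))
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_aud not in auds:
        findings.append("aud=%r (ver=%r), expected %r" % (aud, ver, expected_aud))
    return findings

# Constructed sample values, not taken from the page.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"
V2_ISSUER = "https://login.microsoftonline.com/%s/v2.0" % TENANT
V1_TOKEN = make_token({"ver": "1.0", "aud": "api://" + CLIENT_ID,
                       "iss": "https://sts.windows.net/%s/" % TENANT})
V2_TOKEN = make_token({"ver": "2.0", "aud": CLIENT_ID, "iss": V2_ISSUER})

if __name__ == "__main__":
    for name, tok in (("v1", V1_TOKEN), ("v2", V2_TOKEN)):
        print(name, diagnose(tok, CLIENT_ID, V2_ISSUER) or "ok")
```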



Source: https://stackoverflow.com/questions/57703697/jwt-validation-failure-error-in-azure-apim
