There are two ways to create the app:
1) App Registrations(Legacy)
2) App Registrations
After creating the app test-app-13 from either of the above two places, I uploaded the same public certificate file from the two places below:
1) AzureActiveDirectory-> AppRegistrations(Legacy) -> test-app-13->Settings->Keys->Upload public key
header = { "alg": "RS256", "typ": "JWT", "x5t": "oO/ImH7U2wcypCvrY+iYalHOOmg=" };
When I am using "x5t": "oO/ImH7U2wcypCvrY+iYalHOOmg=" then authentication works.
2) AzureActiveDirectory-> AppRegistrations -> test-app-13-> Certificates & secrets -> Upload certificate
header = { "alg": "RS256", "typ": "JWT", "x5t": "A0EFC8987ED4DB0732A42BEB63E8986A51CE3A68" };
But when I am using "x5t": "A0EFC8987ED4DB0732A42BEB63E8986A51CE3A68" then I keep getting the error:
{ "error":"invalid_client", "error_description":"AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: '0341050BCF7CEC40F80C1D3BDF6038D81101EB713CF7CE80E75084DC0EBC', Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/2e452b20-df6d-4228-83c6-5742b1a8f59c' to see configured keys]\r\nTrace ID: 0a77a624-684d-4145-9ce5-d19e1b6ccb00\r\nCorrelation ID: 09254eb4-6128-4e18-abf6-70b5e9a68960\r\nTimestamp: 2019-05-09 12:39:29Z", "error_codes":[700027], "timestamp":"2019-05-09 12:39:29Z", "trace_id":"0a77a624-684d-4145-9ce5-d19e1b6ccb00", "correlation_id":"09254eb4-6128-4e18-abf6-70b5e9a68960" }
My question is why "x5t": "A0EFC8987ED4DB0732A42BEB63E8986A51CE3A68" is not working when uploading the public certificate from the path AzureActiveDirectory -> AppRegistrations -> test-app-13 -> Settings -> Certificates & secrets -> Upload certificate, and why the value of customKeyIdentifier is generated differently from these two places?
Hi Anand,
thank you for your reply and the information. I have changed the code to encode the SHA-1 encoded certificate with Base64.
Now, it works.
Best regards
Seb
Hi Seb
The new value you’re seeing for customKeyIdentifier is the thumbprint, just hex-encoded. If you take that value and convert it to base64, you should be able to authenticate with it.
Hope it helps.
Thanks
Anand
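The conversion described in the reply above, as an added Python example that is not part of the original thread (the function names are hypothetical; the thumbprint values are the ones quoted in the question). It also shows that base64-decoding the 40-character hex string yields exactly the thumbprint reported in the AADSTS700027 error, which is why the key was not found.

```python
import base64
import binascii

# Hex thumbprint shown by the new "App registrations" blade (from the thread).
PORTAL_HEX_THUMBPRINT = "A0EFC8987ED4DB0732A42BEB63E8986A51CE3A68"


def x5t_from_hex(hex_thumbprint: str, urlsafe: bool = False) -> str:
    """Convert a hex SHA-1 thumbprint into the base64 form used in "x5t".

    urlsafe=False gives standard base64, the form that worked in the thread.
    urlsafe=True gives unpadded base64url, the encoding RFC 7515 defines
    for the x5t header parameter.
    """
    cleaned = hex_thumbprint.replace(":", "").replace(" ", "").strip()
    raw = binascii.unhexlify(cleaned)  # raises binascii.Error on non-hex input
    if len(raw) != 20:
        raise ValueError("SHA-1 thumbprint must be 20 bytes, got %d" % len(raw))
    if urlsafe:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return base64.b64encode(raw).decode("ascii")


def thumbprint_seen_by_verifier(x5t_value: str) -> str:
    """Hex of the bytes obtained by base64-decoding an x5t header value."""
    std = x5t_value.replace("-", "+").replace("_", "/")
    std += "=" * (-len(std) % 4)  # restore padding stripped by base64url
    return base64.b64decode(std).hex().upper()


def looks_like_hex_thumbprint(x5t_value: str) -> bool:
    """Pre-flight check: x5t is still the raw 40-character hex string."""
    hex_digits = "0123456789abcdefABCDEF"
    return len(x5t_value) == 40 and all(c in hex_digits for c in x5t_value)


if __name__ == "__main__":
    print("x5t (base64):   ", x5t_from_hex(PORTAL_HEX_THUMBPRINT))
    print("x5t (base64url):", x5t_from_hex(PORTAL_HEX_THUMBPRINT, urlsafe=True))
    # Putting the hex string straight into x5t makes the verifier see this:
    print("seen if hex is sent as-is:",
          thumbprint_seen_by_verifier(PORTAL_HEX_THUMBPRINT))
```
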
Hi anandkgpt03,
hope you are doing well. I just came across your post. Actually, I spent hours trying to figure out why I cannot authenticate by certificate to request a token.
Everything looked fine.
I am very happy, that I found your post.
Unfortunately, I can confirm the behavior you have described. The authentication won't work with the Custom Key Identifier generated in the new "App registration" when uploading the certificate there.
Have you found out a reason, or did you leave it as is?
Thanks in advance
Seb