Question
I used MSAL JS to authenticate the user and thereafter called acquireTokenPopup(scopes) for an access token.
I am getting the access token, but cannot use it as it says Invalid Signature. (checked in jwt.io too - same error)
Over the forum I found it is due to Graph adding nonce. What will be the solution? Please help.
Following is the code.
tenantConfig = {
  scopes: ["directory.read.all"]
};

// Try the silent flow first; fall back to a popup if it fails.
// Arrow functions keep `this` bound to the enclosing object inside the callbacks.
this.clientApplication.acquireTokenSilent(this.tenantConfig.scopes).then(
  (accessToken) => {
    // Token acquired silently.
  },
  (error) => {
    console.log(error);
    this.clientApplication
      .acquireTokenPopup(this.tenantConfig.scopes)
      .then(
        (accessToken) => {
          console.log("access token " + accessToken);
        },
        (popupError) => {
          alert(popupError);
        }
      );
  }
);
Answer 1:
This doesn't matter. Just change the algorithm to HS256 in jwt.io, then the signature will be verified.
The access token should be ok. Just make sure you have added the Directory.Read.All permission on the Azure portal and granted admin consent.
Reference:
Call Graph API from a JavaScript Single Page Application using msal.js
Answer 2:
Your scopes parameter should be "[CLIENT_ID]/.default" when using MSAL.js, if you are not using the Graph API:
var requestObj = {
  scopes: ["[CLIENT_ID]/.default"]
};
If you intend to use the Graph API, the scopes parameter is different:
var ResourceId = "https://graph.windows.net/";
var scopes = [ResourceId + "Directory.Read", ResourceId + "Directory.Write"];
The example here https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-spa uses the Graph API and generates a token specific to the Graph API; change the scopes parameter if you need to generate an access token for other uses.
More information on scopes parameter: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-v1-app-scopes#scopes-to-request-access-to-all-the-permissions-of-a-v10-application
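As an added example (not part of the original question or answers): Node.js code that decodes a token's header and claims without verifying it, to show which resource the requested scopes produced a token for and whether the header carries a `nonce`, as the question reports for Graph tokens. The tokens, the `MY_API` placeholder and the function names are constructed for illustration.

```javascript
// Decode one base64url JWT segment into an object (no signature check).
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// expectedAudiences: the audiences your own API accepts (assumption: supplied
// by the caller from configuration, never taken from the token itself).
function inspectAccessToken(token, expectedAudiences) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWS: expected 3 dot-separated segments");
  }
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const forThisApi = audiences.some((a) => expectedAudiences.includes(a));
  return {
    alg: header.alg, // informational only; pin the algorithm in config when verifying
    headerNonce: "nonce" in header,
    aud: claims.aud,
    scp: claims.scp,
    forThisApi,
    // Validate only tokens issued for your own API; a token for another
    // resource is opaque to the client and is validated by that resource.
    action: forThisApi ? "validate-signature-and-claims" : "pass-to-resource-unvalidated",
  };
}

// Constructed sample tokens with fake signatures (not real credentials).
function makeToken(header, claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc(header)}.${enc(claims)}.c2lnbmF0dXJl`;
}
const MY_API = "api://00000000-0000-0000-0000-000000000000"; // placeholder client ID
const graphToken = makeToken(
  { typ: "JWT", alg: "RS256", nonce: "constructed-nonce" },
  { aud: "https://graph.microsoft.com", scp: "Directory.Read.All" });
const apiToken = makeToken(
  { typ: "JWT", alg: "RS256" },
  { aud: MY_API, scp: "access_as_user" });

console.log(inspectAccessToken(graphToken, [MY_API]));
console.log(inspectAccessToken(apiToken, [MY_API]));
```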
Source: https://stackoverflow.com/questions/59709423/invalid-signature-error-for-access-token-azure-active-directory-msal-js