
I have an App Service deployed in Azure which is an API using AzureAD as the authentication source. When I request an access token, I get the aud claim as the client ID of the app registration of the API. When I attach the token as bearer to an authorization header, I get the message:

IDX10214: Audience validation failed. Audiences: 'a9cxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. Did not match: validationParameters.ValidAudience: 'api://a9cxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'.

I saw this and thought if I just populate the allowed token audiences field in the portal with just the guid, it would pass audience validation, but I've done that and validationParameters.ValidAudiences is still showing 'null' in this error message:

How can I get this authentication to pass the audience check? Thanks.

Hi @Stephen Mallin ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click Accept Answer and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks, Shweta

Hi @Stephen Mallin ,

Thanks for reaching out.

This error message is indicating that the audience claim in the token you are providing is not matching the expected audience. The audience claim in the token should match the client ID of the app registration of the API.

You can refer to https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#identifieruris-attribute to check supported application ID URI formats.

If your Application ID URI does not start with api:// you'll have to make a manual change to the manifest of your application and switch to access tokens version 2.

Go into the manifest of your registered application and change the value of accessTokenAcceptedVersion from null to 2.

Hope this will help.

Thanks,

Shweta

Please remember to "Accept Answer" if the answer helped you.
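
The mismatch reported in the IDX10214 message above can be reproduced offline. The following is an added example, not part of the thread and not code from any Microsoft library: it reads the aud claim from a constructed, unsigned token and compares it with the configured audiences. It assumes the check is an exact string comparison; `CLIENT_ID` and all function names are hypothetical placeholders.

```python
import base64
import json

# Constructed placeholder, standing in for the API app registration's client ID.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"


def make_unsigned_token(claims):
    """Build a constructed, unsigned JWT-shaped string for this demo only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


def token_audiences(token):
    """Read aud WITHOUT verifying the signature: for diagnosis, never for authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    aud = json.loads(base64.urlsafe_b64decode(payload)).get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)  # aud may be a string or a list


def audience_ok(token, valid_audience=None, valid_audiences=None):
    """Assumed model of the check: any aud value must equal a configured audience exactly."""
    configured = set(valid_audiences or [])
    if valid_audience:
        configured.add(valid_audience)
    return any(a in configured for a in token_audiences(token))


def diagnose(token, valid_audience=None, valid_audiences=None):
    """Return a one-line verdict showing both sides of the comparison."""
    if audience_ok(token, valid_audience, valid_audiences):
        return "audience accepted"
    return ("audience rejected: token aud=%r, ValidAudience=%r, ValidAudiences=%r"
            % (token_audiences(token), valid_audience, valid_audiences))


if __name__ == "__main__":
    token = make_unsigned_token({"aud": CLIENT_ID})
    # Situation from the question: token carries the bare GUID, API expects api://GUID.
    print(diagnose(token, valid_audience="api://" + CLIENT_ID))
    # Accepting both forms of the same application's identifier passes the check.
    print(diagnose(token, valid_audiences=[CLIENT_ID, "api://" + CLIENT_ID]))
```

The rejection line makes it visible that a bare GUID and the same GUID prefixed with `api://` are different strings to the validator, so the token's aud and the API's configured audience have to be brought into agreement on one side or the other.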

Hello @Stephen Mallin

Thank you for posting this concern on this community space.

I was reading your case scenario and was wondering if you have tried to use the following feature, as described in the document below:

* https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest

Let me know if that was useful but if not, I can keep assisting you further.

Looking forward to your feedback,

Cheers,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Hello @Stephen Mallin

I hope you are doing fine.

I just wanted to ask you if the previous post was helpful in overcoming this issue and, if not, please let us know so we can keep helping you further.

Looking forward to your feedback,

Cheers,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.