
I have App Services deployed in Azure, which is a React application using an API. Both apps have AzureAD as the authentication source. The scope I am using while requesting the token from the React app is

"api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/.default"

When I attach the token as a bearer to an authorization header to call the APIs, I get the message:

IDX10214: Audience validation failed. Audiences: 'api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. Did not match: validationParameters.ValidAudience: 'bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'.

For the backend, the code configuration under services.AddAuthentication is

.AddJwtBearer(options =>
{
    options.Audience = clientId;
    options.Authority = authority;
});

For clientId I have used both

"bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

"api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

I tried following other question threads like: https://learn.microsoft.com/en-us/answers/questions/1168505/azuread-token-authentication-not-checking-allowed, but it didn't work for my case.
But neither worked. What can I do to resolve this error?

Hello Mansi Vaishnav,

Thank you for posting this on the Microsoft Q&A Community.

From my understanding, you are experiencing an authentication issue due to audiences not matching.

The focus should be on the SigninAudience. The endpoint used, v1.0 or v2.0, is chosen by the client and only impacts the version of id_tokens.

You need to update your Application Manifest to effect this.

Follow this link https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest to get more information about the accessTokenAcceptedVersion attribute.

Let me know if further assistance is needed.

Babafemi
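
The IDX10214 mismatch from the question, reproduced as an added example that is not part of the original thread or any participant's code: a console program that issues locally signed test tokens carrying each form of the audience and validates them against three audience settings. The GUID, issuer and HMAC key are constructed placeholders, and it assumes the System.IdentityModel.Tokens.Jwt NuGet package.

```csharp
// Added example. Real Entra ID tokens are RSA-signed by the authority;
// a local HMAC key is used here only so the program runs offline.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

const string ClientId = "00000000-0000-0000-0000-000000000000"; // constructed placeholder
const string AppIdUri = "api://" + ClientId;                    // App ID URI form
const string Issuer = "https://issuer.example";                 // constructed placeholder

var key = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!!"));
var handler = new JwtSecurityTokenHandler();

// Issue a short-lived test token whose aud claim is the given value.
string Issue(string audience) => handler.WriteToken(handler.CreateToken(
    new SecurityTokenDescriptor
    {
        Issuer = Issuer,
        Audience = audience,
        Expires = DateTime.UtcNow.AddMinutes(5),
        SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
    }));

// Validate the token against the list of accepted audiences.
string Check(string token, params string[] accepted)
{
    var parameters = new TokenValidationParameters
    {
        ValidIssuer = Issuer,
        IssuerSigningKey = key,
        ValidAudiences = accepted
    };
    try { handler.ValidateToken(token, parameters, out _); return "accepted"; }
    catch (SecurityTokenInvalidAudienceException) { return "rejected (IDX10214)"; }
}

foreach (var aud in new[] { AppIdUri, ClientId })
{
    var token = Issue(aud);
    Console.WriteLine($"token aud = {aud}");
    Console.WriteLine($"  accepts GUID only:        {Check(token, ClientId)}");
    Console.WriteLine($"  accepts App ID URI only:  {Check(token, AppIdUri)}");
    Console.WriteLine($"  accepts both forms:       {Check(token, ClientId, AppIdUri)}");
}
```

In an AddJwtBearer call the same list is set through options.TokenValidationParameters.ValidAudiences, which is the property the error message reports as 'null'.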

Thanks @Babafemi Bulugbe for your comment on this post.
I tried changing the manifest.json for the C# webapp. Now the audience in the token is "bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
but when I use this token to call the APIs I get 403 Forbidden. Do any other changes need to be done, or is there any other way to resolve this issue?