
I have App Services deployed in Azure, which is a React application using an API. Both apps have Azure AD as the authentication source. The scope I am using while requesting the token from the React app is

"api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/.default"

When I attach the token as bearer to an authorization header to call the APIs, I get the message:

IDX10214: Audience validation failed. Audiences: 'api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. Did not match: validationParameters.ValidAudience: 'bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'.

For the backend, the configuration code under services.AddAuthentication is

.AddJwtBearer(options =>
{
    // Audience the API accepts and the authority that issues the tokens
    options.Audience = clientId;
    options.Authority = authority;
});

For clientId I have used both

"bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

"api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

I tried following other question threads like https://learn.microsoft.com/en-us/answers/questions/1168505/azuread-token-authentication-not-checking-allowed, but it didn't work for my case.
But neither worked. What can I do to resolve this error?

Hello Mansi Vaishnav,

Thank you for posting this on the Microsoft Q&A Community.

From my understanding, you are experiencing an authentication issue due to audiences not matching.

The focus should be on the SigninAudience. The endpoint used, v1.0 or v2.0, is chosen by the client and only impacts the version of id_tokens.

You need to update your Application Manifest to effect this.

Follow this link https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest to get more information about the accessTokenAcceptedVersion attribute.

Let me know if further assistance is needed.

Babafemi

Thanks @Babafemi Bulugbe for your comment on this post.
I tried changing the manifest.json for the C# web app. Now the audience in the token is "bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
but when I use this token to call the APIs I get 403 Forbidden. Are any other changes needed, or is there any other way to resolve this issue?
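
To see which form of the aud claim a token carries and whether it would pass the API's audience check, the payload can be decoded and compared locally. The following is an added example, not code from anyone in this thread or from Microsoft; the GUID, the scope name and the sample tokens are constructed placeholders, and the signature is not verified, so it is for diagnosis only.

```python
import base64
import json

# Constructed placeholder GUID; substitute the API app registration's client ID.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, valid_audiences: list[str]) -> dict:
    """Compare the token's aud claim with the audiences the API accepts."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    token_auds = aud if isinstance(aud, list) else [aud]
    return {
        "ver": claims.get("ver"),
        "aud": token_auds,
        # The check compares strings, so 'api://<guid>' does not match '<guid>'.
        "audience_ok": any(a in valid_audiences for a in token_auds),
        # Delegated scopes and app roles, which authorization rules look at.
        "scp": claims.get("scp", "").split(),
        "roles": claims.get("roles", []),
    }


def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed: App ID URI audience, the form shown in the IDX10214 message.
V1_TOKEN = make_token({"ver": "1.0", "aud": f"api://{CLIENT_ID}", "scp": "user_impersonation"})
# Constructed: bare GUID audience, the form reported after the manifest change.
V2_TOKEN = make_token({"ver": "2.0", "aud": CLIENT_ID})

if __name__ == "__main__":
    for name, tok in (("v1", V1_TOKEN), ("v2", V2_TOKEN)):
        print(name, "GUID only: ", diagnose(tok, [CLIENT_ID]))
        print(name, "both forms:", diagnose(tok, [CLIENT_ID, f"api://{CLIENT_ID}"]))
```

If audience_ok is false, the API's accepted audiences and the token's aud are in different forms, which is the condition IDX10214 reports. If it is true and the API still answers 403, compare the scp and roles values with what the API's authorization requires.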