添加链接 注册    登录
link之家
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
调皮的番茄  ·  野狐岭之战_百度百科·  5 月前    · 
怕考试的木瓜  ·  超地下偶像 - 萌娘百科 万物皆可萌的百科全书·  8 月前    · 
爱热闹的梨子  ·  贪官:"如果可重来,就是金山银山我都不会动心"·  11 月前    · 
鼻子大的日记本  ·  马斯克发内部信要求提升产量:2020年总销量 ...·  1 年前    · 
聪明伶俐的煎鸡蛋  ·  MacBook ...·  1 年前    · 
link之家  ›  AzureAD Authentication: Audience validation failed[Audiences Did not match] - Microsoft Q&A
https://learn.microsoft.com/en-us/answers/questions/1640963/azuread-authentication-audience-validation-failed(
一身肌肉的菠萝
4 月前

I have App Services deployed in Azure which is an react application using API. Both apps have AzureAD as the authentication source. The scope I am using while requesting the token from the react app is 

"api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/.default"

When I attach the token as bearer to an authorization header To call the API's , I get the message:


IDX10214: Audience validation failed. Audiences: 'api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. Did not match: validationParameters.ValidAudience: '
bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'.

For the backend, code configuration under services.AddAuthentication the code is 


.AddJwtBearer(options =>
                options.Audience = clientId;
                options.Authority = authority;

For clientId I have used both 


"bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"


"api://bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"


I tried following other question threads like: https://learn.microsoft.com/en-us/answers/questions/1168505/azuread-token-authentication-not-checking-allowed, but it didn't work for my case.  

But neither worked. What can I do to resolve this error.

			 
Hello Mansi Vaishnav,


Thank you for posting this on the Microsoft Q&A Community.


From my understanding, you are experiencing an authentication issue due to audiences not matching. 


The focus should be on the SigninAudience. The endpoint used v1.0 or v2.0, is chosen by the client and only impacts the version of id_tokens.


You need to update your Application Manifest to effect this


Follow this link https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest to get more information about the accessTokenAcceptedVersion attribute.


Let me know if further assistance is needed.


Babafemi

											
Thanks @Babafemi Bulugbe   for your comment on this post.   

IK tried changing the manifest. Json for the C# webapp, Now the audience in the token is "bxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"  

but when I use this token to call the API's I get 403Forbidden. Any other changes needed to be done or is there any other way to resolve this issue.
 
推荐文章
调皮的番茄  ·  野狐岭之战_百度百科
5 月前
怕考试的木瓜  ·  超地下偶像 - 萌娘百科 万物皆可萌的百科全书
8 月前
爱热闹的梨子  ·  贪官:"如果可重来,就是金山银山我都不会动心"
11 月前
鼻子大的日记本  ·  马斯克发内部信要求提升产量:2020年总销量目标为50万辆_新浪财经_新浪网
1 年前
聪明伶俐的煎鸡蛋  ·  MacBook Pro无法与恢复服务器取得联系? - 知乎
1 年前
今天看啥   ·   Py中国   ·   codingpro   ·   藏经阁   ·   小百科   ·   link之家   ·   卧龙AI搜索
删除内容请联系邮箱 2879853325@qq.com
link之家 - 链接快照平台
© 2024 ~ 沪ICP备11025650号