ITUnity/dev

Azure AD B2C token validation failed

Opened this issue · 0 comments

Hi,
I followed the article "https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oidc" for the Azure AD B2C SignIn and SignUp policy implementation.

How can I validate an Azure AD B2C token with the jwks_uri, which returns these keys:

{
"keys": [{
"kid": "IdTokenSigningKeyContainer",
"use": "sig",
"kty": "RSA",
"e": "AQAB",
"n": "tLDZVZ2Eq_DFwNp24yeSq_Ha0MYbYOJs_WXIgVxQGabu5cZ9561OUtYWdB6xXXZLaZxFG02P5U2rC_CT1r0lPfC_KHYrviJ5Y_Ekif7iFV_1omLAiRksQziwA1i-hND32N5kxwEGNmZViVjWMBZ43wbIdWss4IMhrJy1WNQ07Fqp1Ee6o7QM1hTBve7bbkJkUAfjtC7mwIWqZdWoYIWBTZRXvhMgs_Aeb_pnDekosqDoWQ5aMklk3NvaaBBESqlRAJZUUf5WDFoJh7yRELOFF4lWJxtArTEiQPWVTX6PCs0klVPU6SRQqrtc4kKLCp1AC5EJqPYRGiEJpSz2nUhmAQ"
},
{
"kid": "IdTokenSigningKeyContainer.v2",
"nbf": 1459289287,
"use": "sig",
"kty": "RSA",
"e": "AQAB",
"n": "s4W7xjkQZP3OwG7PfRgcYKn8eRYXHiz1iK503fS-K2FZo-Ublwwa2xFZWpsUU_jtoVCwIkaqZuo6xoKtlMYXXvfVHGuKBHEBVn8b8x_57BQWz1d0KdrNXxuMvtFe6RzMqiMqzqZrzae4UqVCkYqcR9gQx66Ehq7hPmCxJCkg7ajo7fu6E7dPd34KH2HSYRsaaEA_BcKTeb9H1XE_qEKjog68wUU9Ekfl3FBIRN-1Ah_BoktGFoXyi_jt0-L0-gKcL1BLmUlGzMusvRbjI_0-qj-mc0utGdRjY-xIN2yBj8vl4DODO-wMwfp-cqZbCd9TENyHaTb8iA27s-73L3ExOQ"
},
{
"kid": "t8zPAboFkCJ9b-nFJzzyIikJgSJAkA2p08ykwRY_1Ao",
"nbf": 1490400391,
"use": "sig",
"kty": "RSA",
"e": "AQAB",
"n": "0zUbv8BsDgbMlKthHcA0Eeg-KWR1ePtIZViJczircJ8E_BVvWKxeXutPOw1MC7J1V8eZFViN_8iJVDKl4vER2sb-tdpLQNm9qsJBRTokdLSu9YbjHGUzL55GanujGOBj4k2RGKy1GbEiUpXkYML1DjyPyHEG3Ex_N8ylZ7vdFpjeWX8yzkCd8AjulPdF84bbEau-pW7XW4V58K9I9BDILBemDiJAR8xb5erupeCs7fCMhLliSeMJQQUyCim4S-tuRD6xiNs4LfEyZtSNnC1ujRcOnWHsWdJFj-NYyrojhaDLC3GAZ0DJlqyznsuKMuYWJPT9KUkXi4bpAmDLA8oFFQ"
},
{
"kid": "X5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",
"nbf": 1493763266,
"use": "sig",
"kty": "RSA",
"e": "AQAB",
"n": "tVKUtcx_n9rt5afY_2WFNvU6PlFMggCatsZ3l4RjKxH0jgdLq6CScb0P3ZGXYbPzXvmmLiWZizpb-h0qup5jznOvOr-Dhw9908584BSgC83YacjWNqEK3urxhyE2jWjwRm2N95WGgb5mzE5XmZIvkvyXnn7X8dvgFPF5QwIngGsDG8LyHuJWlaDhr_EPLMW4wHvH0zZCuRMARIJmmqiMy3VD4ftq4nS5s8vJL0pVSrkuNojtokp84AtkADCDU_BUhrc2sIgfnvZ03koCQRoZmWiHu86SuJZYkDFstVTVSR0hiXudFlfQ2rOhPlpObmku68lXw-7V-P7jwrQRFfQVXw"
}
]
}

I also tried the federation metadata document, but the token is not validating.
The code below for validating the signature is not working.

public validateSignature(token: string): Observable<boolean> {
    /* Retrieve from federated metadata endpoint.
       In this sample, the document was downloaded locally */
    return this.httpService.get("./app/metadata/metadata.xml")
        .map((res: Response) => {
            // Parse the metadata XML and convert it to JSON
            let dom = (new DOMParser()).parseFromString(res.text(), "text/xml");
            let json = xml2json(dom, "");
            // Wrap the X509Certificate value from the metadata signature in PEM markers
            let cert = "-----BEGIN CERTIFICATE-----" + JSON.parse(json).EntityDescriptor[0]["ds:Signature"]["KeyInfo"]["X509Data"]["X509Certificate"] + "-----END CERTIFICATE-----";
            // Verify the token's RS256 signature with that certificate's public key (jsrsasign)
            let key = KEYUTIL.getKey(cert);
            return KJUR.jws.JWS.verifyJWT(token, key, { alg: ['RS256'] });
        });
}

Can you please help me validate the token?