Azure AD B2C - Invalid signature

Malvaro 125

Goof afternoon community,

I've created an Azure AD B2C resource and I've created a simple service principal with the following Authentications

User's image

Also, I've created a user flow And when I ran the user flow the JWT token said that I had an Invalid Signature:.

User's image

and in the claims I have this information

I've created custom roles, and I got the same issue...

Any ideas?

Thanks a lot for your help,

Cheers,

Moisés.

Sanoop M 600 Reputation points Microsoft Vendor

2025-01-20T20:27:30.0266667+00:00

Hello @Malvaro ,

Thank you for posting your query on Microsoft Q&A.

Based on your issue description, I understand that you have created an Azure AD B2C resource and you have created a simple service principal. Also, you created a user flow and when you ran the user flow the JWT token said that you had an Invalid Signature:

Please make sure to put the secret key string after: HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), enter_here_your_secret_key) as per the below Screenshot under VERIFY SIGNATURE tab and check the behavior by again running the user flow to check if the signature is verified or not.

Also please share us the Screenshot after adding the correct Secret Key under VERIFY SIGNATURE tab as mentioned in the above Screenshot.

I am looking forward to your response.

Thanks and Regards,

Sanoop Mohan
Sanoop M 600 Reputation points Microsoft Vendor

2025-01-21T21:03:33.3333333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan
Malvaro 125 Reputation points

2025-01-22T08:25:51.77+00:00

Sorry for my delay, I will try to reply as soon as possible.
Sanoop M 600 Reputation points Microsoft Vendor

2025-01-23T17:50:33.3133333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan
Sanoop M 600 Reputation points Microsoft Vendor

2025-01-24T20:05:17.4833333+00:00

Hello @Malvaro ,

We haven’t heard from you on the last response and was just checking back to see if you have followed the steps which I have mentioned above. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to resolve your issue.

Thanks and Regards,

Sanoop Mohan

1 answer

Malvaro 125 Reputation points

2025-01-31T11:01:44.2433333+00:00

Good morning,

The problem is solved. By default when you're creating a B2C User flow, you can select the Token compatibility settings -> issuer (is s) claim

The token gets this issuer and the signature can be verified by adding the value.

Weirdly, I must select it, but it worked.

Thanks for your help, and we can close the ticket.

All the best,

Moisés.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure AD B2C - Invalid signature

1 answer

Your answer