Forum Discussion
ID token issued by AAD doesn't match public signing key
Alex_Lu Hi, is the id_token still valid? According to https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens#validating-an-id_token an id_token should be within its validity period, so I would say (hope) that Azure AD does not rotate the keys while the id_tokens issued with the previous key are still valid.
Martin
- Alex_Lu, Jul 29, 2020, Copper Contributor
Martin Rublik Thanks for the reply. Yes, it was still valid. I also waited for the token to expire and requested a new token, and I still didn't see any changes. It's very odd. We had to switch to SAML, as we were not able to find out exactly why AAD behaved like this.
- jinsongz, Sep 04, 2020, Copper Contributor
Alex_Lu I've run into exactly the same problem: the signing key (for the id token) does not match any of the keys pulled from the JWK URI (/discovery/v2.0/keys), while the signing key for the access token does match one. Were you able to solve it somehow? It seems there's not much we can do until Azure fixes it.
- Alex_Lu, Sep 04, 2020, Copper Contributor
Hi jinsongz, I'm glad someone else has encountered the same issue.
We had no choice but to switch to SAML, as the rest of the companies are all SAML-based clients. Our setup is to have AWS Cognito as the authorization server with AAD as the IdP. I suggest you follow the same pattern if you have a similar setup.
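A small diagnostic, added here as an example (not code from any poster or from Microsoft), that reproduces the check jinsongz describes: read the `kid` from each token's header and look it up in the JWKS document. The JWKS and the two tokens are constructed stand-ins with placeholder key material and signatures; in practice you would paste the real token strings and the JSON fetched from the tenant's `/discovery/v2.0/keys` endpoint.

```python
import base64
import json


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_token(header: dict, claims: dict) -> str:
    # Constructed stand-in for an Azure AD token: same header/payload layout,
    # but a placeholder signature, since only the header is inspected here.
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()),
                     "placeholder-signature"])


def jwt_header(token: str) -> dict:
    return json.loads(_b64url_decode(token.split(".")[0]))


def find_signing_key(token: str, jwks: dict):
    """Return the JWK whose 'kid' matches the token header, or None."""
    kid = jwt_header(token).get("kid")
    return next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)


def diagnose(tokens: dict, jwks: dict) -> dict:
    """Map token name -> True if its kid is present in the JWKS document."""
    return {name: find_signing_key(tok, jwks) is not None for name, tok in tokens.items()}


# Constructed JWKS in the shape served by .../discovery/v2.0/keys (key material omitted).
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "KEY-A"},
                        {"kty": "RSA", "use": "sig", "kid": "KEY-B"}]}

# Constructed tokens reproducing the reported symptom: the id_token's kid is absent
# from the JWKS while the access_token's kid is present. <tenant-id> is a placeholder.
ISSUER = "https://login.microsoftonline.com/<tenant-id>/v2.0"
SAMPLE_TOKENS = {
    "id_token": make_unsigned_token({"typ": "JWT", "alg": "RS256", "kid": "KEY-C"}, {"iss": ISSUER}),
    "access_token": make_unsigned_token({"typ": "JWT", "alg": "RS256", "kid": "KEY-A"}, {"iss": ISSUER}),
}

if __name__ == "__main__":
    for name, ok in diagnose(SAMPLE_TOKENS, SAMPLE_JWKS).items():
        kid = jwt_header(SAMPLE_TOKENS[name])["kid"]
        print(f"{name}: kid={kid} {'found in JWKS' if ok else 'NOT in JWKS'}")
```

When only one of the two tokens fails this check, compare each token's `iss` claim with the issuer whose `jwks_uri` you fetched, since signing keys are published per issuer.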