Forum Discussion
Invalid issuer o signature error in SPO Provider-Hosted AddIns
(Note: we have already verified that this is not a problem with expired client secrets)
Hi all, we are having problems with SPO Provider-Hosted Add-Ins were we are using remote event receivers...al...
We're seeing the same issue with one of our SPO Provider hosted add-ins too. Our client ID and secrets are managed via the Seller Dashboard though as it is a multi-tenant add-in. Anyone else seeing the same issue via the Microsoft Seller Dashboard?
If you are asking whether we've experienced this issue in apps that are being distributed via the AppSource, the answer is yes - that's exactly what was happening.
That being said, using the HostedAppHostNameOverride thing solved the issue for us. Was that not the case for you?
no it wasn't the case for us, as we had both client secrets coming up to expire for a client ID, I created two new client secrets via the Microsoft Partner Center seller dashboard but didn't delete the original secrets as they were still active. So we had 4 active secrets for a client ID, it seems that the SPO Provider Hosted add-ins / Azure ACS doesn't handle having 4 active secrets. Once I deleted the original 2 client secrets leaving just 2 active secrets for that client ID, everything sprung in to life!
Based on all the responses, it seems that this error can be caused by more than one thing.
Paul_Mather, I'm being curious: does it mean you had two client secrets for a single client ID? I mean by default the TokenHelper class (the one coming from MS) does support two secrets (by using the "SecondaryClientSecret" app setting), but only to make sure that an app can easily handle the period when the old secret is about to expire, and the new one hasn't been activated yet (new secrets can take some time - up to several hours, as I remember - to become "valid" - at least when they're generated manually).
You mention you had four keys in total, all for a single app - why is that?
