Forum Discussion
Invalid issuer o signature error in SPO Provider-Hosted AddIns
(Note: we have already verified that this is not a problem with expired client secrets)
Hi all, we are having problems with SPO Provider-Hosted Add-Ins were we are using remote event receivers...al...
no it wasn't the case for us, as we had both client secrets coming up to expire for a client ID, I created two new client secrets via the Microsoft Partner Center seller dashboard but didn't delete the original secrets as they were still active. So we had 4 active secrets for a client ID, it seems that the SPO Provider Hosted add-ins / Azure ACS doesn't handle having 4 active secrets. Once I deleted the original 2 client secrets leaving just 2 active secrets for that client ID, everything sprung in to life!
Based on all the responses, it seems that this error can be caused by more than one thing.
Paul_Mather, I'm being curious: does it mean you had two client secrets for a single client ID? I mean by default the TokenHelper class (the one coming from MS) does support two secrets (by using the "SecondaryClientSecret" app setting), but only to make sure that an app can easily handle the period when the old secret is about to expire, and the new one hasn't been activated yet (new secrets can take some time - up to several hours, as I remember - to become "valid" - at least when they're generated manually).
You mention you had four keys in total, all for a single app - why is that?
Hello Slawomir Bryk ,
The app was only using 2 but we had 4 in the seller dashboard registered against that client ID for a limited time whilst we were updating. Removed 2 from the seller dashboard for that client ID and the application started to work.
Paul
Hi Paul_Mather
For how long did you wait before it started to work after you removed the two client secrets from the seller dashboard?
