Forum Discussion
MS Teams access token signature is invalid
MicrosoftYou’re currently using Microsoft Teams SDK to retrieve the token, which is correct. Ensure this token is an ID token or access token signed by Microsoft’s identity platform. Use libraries like jsonwebtoken to validate the token in the backend against Microsoft’s public keys.
Understanding the Issuer in the Token
Endpoint Differences:
Utilizing https://sts.windows.net/{tenantId}/ often refers to tokens issued by Azure AD's v1.0 endpoint, while https://login.microsoftonline.com/{tenantId}/v2.0 refers to tokens issued by the v2.0 endpoint.
Configuration Matters:
Ensure the proper setup of your Microsoft Teams app registration to use the v2.0 endpoint if you’re planning to verify tokens against login.microsoftonline.com.
Thanks,
Prasad Das
------------------------------------------------------------------------------------------
If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate.
I tried to verify using the key set at https://login.windows.net/common/discovery/keys.
This the jwks_url from
https://sts.windows.net/TENANT_ID/.well-known/openid-configuration.
The validation also fails with this key set.
I notice that the signature of the token is marked as not valid in JWT.io.
- Prasad_Das-MSFT
Hi KvDaalen , could you please check the resolutions provided in below two threads and let us know if that helps?
azure - Invalid Signature when generate bearer token - Stack Overflow
Troubleshooting “Invalid Signature” Errors in Signed JWTs with Microsoft Azure AD | by Anuj Pachauri | Medium
