This post is a contribution from Pavan Kumar, an engineer with the SharePoint Developer Support team.
We recently worked with a customer who had deployed a provider-hosted app to their SharePoint O365 tenant; the remote web was an IIS website hosted on-premises. The app worked fine for a while, but after some time it started to fail with the following error:
Invalid issuer or signature.
at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.VerifySignature(String signingInput, String signature, String algorithm, SecurityToken signingToken)
at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.ReadTokenCore(String token, Boolean isActorToken)
at ECompliance.ApplicationForms.TokenHelper.ReadAndValidateContextToken(String contextTokenString, String appHostName)
at ECompliance.ApplicationForms.TokenHelper.GetClientContextWithContextToken(String targetUrl, String contextTokenString, String appHostUrl)
at ECompliance.ApplicationForms.Masters.AppInitiator.Page_Load(Object sender, EventArgs e)
By executing the command below, we identified that the Client Secret had expired:
Get-MsolServicePrincipalCredential -AppPrincipalID "<ClientID>"
as outlined in this
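The expiry check above can be extended to flag every credential on the app principal that is expired or close to expiring. This is an added example, not part of the original post; the helper name Get-SecretExpiryStatus, the 30-day warning window and the sample objects are assumptions constructed for illustration.

```powershell
# Added example. Get-SecretExpiryStatus is a hypothetical helper, not an MSOnline cmdlet.
function Get-SecretExpiryStatus {
    [CmdletBinding()]
    param(
        # Credential objects exposing KeyId, Type, Usage, StartDate and EndDate,
        # the properties Get-MsolServicePrincipalCredential returns.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Credential,
        [int]$WarnDays = 30,            # assumed warning window
        [datetime]$Now = (Get-Date)     # overridable so results are repeatable
    )
    process {
        $daysLeft = [int][math]::Floor(($Credential.EndDate - $Now).TotalDays)
        if     ($Credential.StartDate -gt $Now) { $status = 'NotYetValid' }
        elseif ($Credential.EndDate -le $Now)   { $status = 'Expired' }
        elseif ($daysLeft -lt $WarnDays)        { $status = 'ExpiringSoon' }
        else                                    { $status = 'Valid' }
        [pscustomobject]@{
            KeyId = $Credential.KeyId; Type = $Credential.Type; Usage = $Credential.Usage
            EndDate = $Credential.EndDate; DaysLeft = $daysLeft; Status = $status
        }
    }
}

# Constructed sample input (placeholder KeyIds and dates, not real tenant output).
$now = [datetime]'2016-06-01'
$sample = @(
    [pscustomobject]@{ KeyId = 'key-old-1'; Type = 'Symmetric'; Usage = 'Verify'
                       StartDate = [datetime]'2015-05-01'; EndDate = [datetime]'2016-05-01' }
    [pscustomobject]@{ KeyId = 'key-new-1'; Type = 'Symmetric'; Usage = 'Verify'
                       StartDate = [datetime]'2016-05-25'; EndDate = [datetime]'2017-05-25' }
    [pscustomobject]@{ KeyId = 'key-tmp-1'; Type = 'Password'; Usage = 'Verify'
                       StartDate = [datetime]'2015-06-10'; EndDate = [datetime]'2016-06-10' }
)
$sample | Get-SecretExpiryStatus -Now $now | Format-Table -AutoSize

# Against the tenant, after Connect-MsolService; -ReturnKeyValues $false keeps
# the secret values themselves off the screen and out of transcripts:
# Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false |
#     Get-SecretExpiryStatus | Where-Object Status -ne 'Valid'
```

Running this on a schedule and alerting on any row that is not `Valid` surfaces an expiring secret before the app starts failing token validation.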
We created a new Client Secret and used that in the web.config file of the Remote Web, but the issue persisted.
We used the command below to remove all the existing client secrets, including the expired one.