Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
JWT verification not working with tenant JWKS url
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 18%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBD%3C/text%3E%3C/svg%3E)
Brett Dudo
0
Reputation points
I'm using Entra to get a JWT from https://login.microsoftonline.com/[tenantID]/oauth2/v2.0/authorize. It looks great. Decoding it shows all the claims one would expect - scope, email, yada yada.
I've tried the following JWKS endpoints with no success
- https://login.microsoftonline.com/common/discovery/keys
- https://login.microsoftonline.com/common/discovery/v2.0/keys
- https://login.microsoftonline.com/[tenantID]/discovery/keys
- https://login.microsoftonline.com/[tenantID]/discovery/v2.0/keys
- all of these, along with an appid parameter
I've tried with the js library jwks-rsa and by leveraging Vault to verify - both fail with invalid signature. Anyone had any luck verifying JWTs issued by Entra (without an application).
Azure App Configuration
Sign in to answer