Audience validation failed.

  • Question

  • Something wrong with my token???

    Failed to validate access token with following errors.

    {
        "code": 401,
        "message": "IDX10214: Audience validation failed. Audiences: '[PII is hidden]'. Did not match: validationParameters.ValidAudience: '[PII is hidden]' or validationParameters.ValidAudiences: '[PII is hidden]'."
    }

    Friday, July 5, 2019 11:03 AM

All replies

  • I created an App in AAD, and I configured my WebApp service authentication to "Log in with Azure Active Directory" with the created App.

    Account in my organization can login successfully via signing from Browser.

    But when I tried to call the service from Postman after getting token successfully,

    it returns following result:

    {
        "code": 401,
        "message": "IDX10214: Audience validation failed. Audiences: '[PII is hidden]'. Did not match: validationParameters.ValidAudience: '[PII is hidden]' or validationParameters.ValidAudiences: '[PII is hidden]'."
    }

    Could anyone help figure out what configuration I missed in my registered App??

    Any suggestion would be appreciated.



    Friday, July 5, 2019 7:23 AM
  • This usually happens if you have a different audience on the token generation and validation.

    Can you share some more of your code so we can see where this is happening?

    See related issues:

    http://www.decatechlabs.com/secure-webapi-using-jwt

    https://stackoverflow.com/questions/54271439/identityserver4-failed-to-validate-the-token


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Friday, July 5, 2019 7:12 PM
    Moderator
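
The audience mismatch described in the reply above can be checked by decoding the token's `aud` claim and comparing it with the audience the API is configured to accept. This is an added example, not code from the thread; the app ID and resource URI are constructed placeholders, and the exact, case-sensitive comparison is an assumption about how the validator matches.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    Diagnostic use only: never base an authorization decision on this.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_audience(token: str, valid_audiences: list[str]) -> tuple[bool, list[str]]:
    """Compare the token's `aud` claim with the audiences the API accepts."""
    aud = decode_claims(token).get("aud", [])
    # `aud` may be a single string or a list of strings.
    token_audiences = [aud] if isinstance(aud, str) else list(aud)
    # Assumption: exact, case-sensitive string match.
    ok = any(a in valid_audiences for a in token_audiences)
    return ok, token_audiences


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed placeholder values, not taken from the thread.
API_APP_ID = "11111111-1111-1111-1111-111111111111"
OTHER_RESOURCE = "https://other-resource.example"

if __name__ == "__main__":
    # First token was issued for a different resource; second for the API itself.
    for aud in (OTHER_RESOURCE, API_APP_ID):
        ok, seen = check_audience(make_sample_token({"aud": aud}), [API_APP_ID])
        print(f"aud={seen} accepted={ok}")
```

If the `aud` value printed for a real token is not the one the service expects, the token was requested for the wrong resource or scope.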
  • I'm merging this thread since it appears to be a duplicate.

    Friday, July 5, 2019 7:47 PM
    Moderator
  • There is no code. I added AAD for my web app in the Azure Portal.

    Here are my steps:

    1. I created a web app 'myService'

    2. I opened AAD for the web app via creating new AD app 'myServiceAADapp'

    3. View the AD app 'myServiceADApp', its redirect url is 'https://myService.azurewebsites.net/.auth/login/aad/callback' and then I enabled 'Access Tokens' in grant implicit.

    4. I created a new client secret for the AD app

    5. Use the client ID and secret to get the token back successfully.

    6. I call 'https://myService.azurewebsites.net' and it returns the message.

    I think there should be some configuration missed, but no idea what I miss

    Monday, July 8, 2019 10:53 AM
  • Hey Daniel,

    It sounds like you're trying to use Easy Auth with an Azure App Service. 

    Please refer to the official docs here : https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad

    Have you properly added the bearer token to x-ms-token-aad-access-token? 

    And are you sure you don't have any authorize attributes in your Azure App Service code? As the App Service's easy auth module is supposed to handle all of the authorization before it hits your app service.

    Thanks! 

    Tuesday, July 16, 2019 5:17 PM
    Moderator
  • I'm following up on this, please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are any more questions. Thanks
    Friday, July 26, 2019 9:39 PM
    Moderator