I have a mobile app built with ionic 3. I have a web api built with ASP.Net Core. I am trying to authenticate users against our Azure Active Directory tenant, but have been unsuccessful so far. I am using cordova-plugin-ms-adal and @ionic-native/ms-adal.
I have two apps registered with AAD (MobileApp as a native app and WebAPI as a web app/api). I am able to authenticate with AAD using the following code:
let context = this.msAdal.createAuthenticationContext("https://login.microsoftonline.com/common");
context.acquireTokenAsync(parent.config.resourceUri, parent.config.clientId, parent.config.redirectUri, userID, parent.config.queryParams)
.then(authCompletedCallback)
.catch((e: any) => console.log('Authentication failed', e));
}
This successfully brings up the microsoft AAD login screen, and then I get a token back, which I can translate using jwt.io to look like this:
{
"aud": "https://crm.advtis.com/",
"iss": "https://sts.windows.net/[my-tentant-id]/",
"iat": 1507559003,
"nbf": 1507559003,
"exp": 1507562903,
"acr": "1",
"aio": "ASQA2/8FAAAATCdl0Upc7HOvqfvEXmDy7geoc3GHx5e+jwxtbvvN8+I=",
"amr": [
"pwd"
],
"appid": [my-app-id],
"appidacr": "0",
"e_exp": 262800,
"family_name": "Walter",
"given_name": "Philip",
"ipaddr":[address],
"name": "Philip Walter",
"oid": "49838dcd-e6af-4f21-9b50-d9bc434dee9d",
"onprem_sid": "S-1-5-21-2694580895-890097088-1073055783-4610",
"scp": "user_impersonation",
"sub": "bOZ4xeO5pjXbg2hLnZAJzVVX_HfYZv6fjtQq0YaEKts",
"tid": [our-tenant-id],
"unique_name": "pwalter@advtis.com",
"upn": "pwalter@advtis.com",
"ver": "1.0"
}
So when I turn around and send this token over to the web api, I get a 401 Unauthorized error, saying WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
.
I have tried several things over multiple days turning into more than a week now. I know this isnāt an ASP.Net forum, but I thought someone might have some experience with this. I can provide more info like code from the web api as necessary. Any help would be appreciated!
Philip