Closed: georgejdli closed this 4 years ago
Nvm after some digging I realize I need to get a different token with a scope specific to my application registration ("
Key difference in the tokens generated seems to be the "aud" claim. For the Graph API scopes it was something generic like "0000000-03....", and that seems to have caused issues with the JWT signature verification?
@georgejdli that's right - glad you were able to solve your issue. We do have a web API sample using passport-azure-ad if you would like to take a look.
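The `aud` mismatch discussed above, as an added example that is not part of the thread or of the sample's code: a Node.js triage helper that decodes a bearer token without verifying it and reports whether it was issued for your own API or for Microsoft Graph. The API audience values, the sample tokens and the function names are constructed for illustration; the Graph audience values are Microsoft Graph's well-known application ID and resource URI.

```javascript
// Added example: pre-verification triage of a bearer token's audience.
// Decoding proves nothing about authenticity; never authorize on this output.

// Constructed placeholder for "my" API registration (assumption).
const MY_API_AUDIENCES = [
  "api://11111111-2222-3333-4444-555555555555",
  "11111111-2222-3333-4444-555555555555",
];
// Microsoft Graph's well-known application ID and resource URI.
const GRAPH_AUDIENCES = [
  "00000003-0000-0000-c000-000000000000",
  "https://graph.microsoft.com",
];

function b64urlToJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function jsonToB64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Build an unsigned, constructed sample token for the demo below.
function makeSampleToken(claims) {
  const header = { alg: "RS256", typ: "JWT" };
  return [jsonToB64url(header), jsonToB64url(claims), "constructed-sig"].join(".");
}

function triageAudience(token, expected = MY_API_AUDIENCES) {
  const parts = String(token).replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) return { verdict: "malformed", aud: [] };
  let payload;
  try {
    payload = b64urlToJson(parts[1]);
  } catch {
    return { verdict: "malformed", aud: [] };
  }
  if (payload === null || typeof payload !== "object") return { verdict: "malformed", aud: [] };
  const aud = [].concat(payload.aud ?? []); // RFC 7519: string or array
  let verdict = "wrong-audience";
  if (aud.some((a) => expected.includes(a))) verdict = "audience-ok";
  else if (aud.some((a) => GRAPH_AUDIENCES.includes(a))) verdict = "graph-token";
  return { verdict, aud };
}

const graphToken = makeSampleToken({ aud: GRAPH_AUDIENCES[0], scp: "User.Read" });
console.log(triageAudience(graphToken));
```

A `graph-token` verdict means the client requested Graph scopes and should instead request a scope exposed by the API's own registration. Signature, issuer and expiry validation remain the job of the verifying middleware.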
I went through this sample and was able to access the Graph API.
I have a use case where I would like to protect my own web api by verifying the same Bearer token obtained with this flow.
My web api is using Node.js and I tried using passport-azure-ad middleware with the BearerToken strategy to protect my routes. However the token generated with PKCE flow does not seem to be compatible with the JWT verify logic from passport-azure-ad. I get an error saying the JWT has an invalid signature.
Are there any samples with Node.js where I could protect my own web apis using the Auth token obtained from this PKCE flow?