Bearer error="invalid_token", error_description="The issuer is invalid"

[daver77]

Hi,

Has anyone successfully used the token from an Angular6 app against a .NET Core Web API?

When I try I get the error _WWW-Authenticate: Bearer error="invalid_token", errordescription="The issuer is invalid"

In my Startup.cs I have:

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.Authority = "https://login.microsoftonline.com/common";
                options.Audience = "[application id]";
                options.TokenValidationParameters.ValidateLifetime = true;
                options.TokenValidationParameters.ClockSkew = TimeSpan.Zero;
            });

            services.AddAuthorization();

My API is

    [Authorize]
    [Route("api/[controller]")]
    public class ProjectController : Controller
    {

I can see that the bearer token is being passed to my API in the Authorization header

[daver77]

I decoded my token and noticed that "iss" was set to

https://sts.windows.net/[AzureAD_DirectoryID]

so I set

options.Authority = "https://sts.windows.net/[AzureAD_DirectoryID]";

and now my API authenticates.

Does anyone know why the issuer is https://sts.windows.net when adal.js defaults to https://login.microsoftonline.com?

[geerzo]

Check out this blog. It looks like the endpoints changed to login.microsoftonline.com but the issuer stayed the same at sts.windows.net.

Let me know if I can close this issue.

[geerzo]

Closing due to lack of response and it looking like a non-issue.

[TracyGH]

Thank you, thank you, thank you!!! I spent so many hours troubleshooting this issue.