music-tribe / azadjwtvalidation


Azure Active Directory token verification error: crypto/rsa: verification error #9

Open alapierre opened 1 year ago

alapierre commented 1 year ago

I'm trying to use this plugin with Azure AD. My token is valid - I can log in to my application with it and I checked it on https://jwt.ms/ - but the token fails VerifyPKCS1v15 with the error crypto/rsa: verification error.

My test looks like this:

azureJwtPlugin.config.KeysUrl = "https://login.microsoftonline.com/...................................../discovery/v2.0/keys"
err := azureJwtPlugin.GetPublicKeys(azureJwtPlugin.config)
if err != nil {
    t.Fatalf("%v", err)
}

token := "...."

request := httptest.NewRequest("GET", "/testtoken", nil)
request.Header.Set("Authorization", "Bearer "+token)
extractedToken, err := azureJwtPlugin.ExtractToken(request)
assert.NoError(t, err)

err = azureJwtPlugin.ValidateToken(extractedToken)
assert.NoError(t, err) // -> fails here
alapierre commented 1 year ago

According to this post https://learn.microsoft.com/en-us/answers/questions/1277303/help-me-how-to-verify-azure-ad-token-in-jwt-io - some types of Azure AD tokens (probably most of them) can't be verified offline.

To verify a token online, this endpoint should be called:

GET https://graph.microsoft.com/v1.0/me
Authorization: Bearer ...........

To check groups and roles:

GET https://graph.microsoft.com/v1.0/me/memberOf
Authorization: Bearer ...........

Could you add the possibility to verify tokens online in this plugin?
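The online check proposed in the comment above, written out as an added example; it is not code from the azadjwtvalidation plugin or from the poster. Nothing here assumes anything about the plugin's API: `OnlineVerifier`, `Verify`, `MemberOf` and the `NewFakeGraph` stand-in server are names chosen for this example, and the JSON the stand-in serves is constructed so the code runs offline. One caveat before relying on this approach: Microsoft Graph accepts any genuine token whose audience is Graph, whichever client application obtained it, so a 200 from /me proves the token is real and unexpired, not that it was issued to this application; that still has to come from the token's own claims.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// ErrInvalidToken is returned when Graph answers 401 to the presented token.
var ErrInvalidToken = errors.New("token rejected by Microsoft Graph")

// GraphUser is the subset of the GET /v1.0/me response used here.
type GraphUser struct {
	ID                string `json:"id"`
	DisplayName       string `json:"displayName"`
	UserPrincipalName string `json:"userPrincipalName"`
}

// Membership is one entry of GET /v1.0/me/memberOf; the OData type separates
// groups ("#microsoft.graph.group") from directory roles ("#microsoft.graph.directoryRole").
type Membership struct {
	Type        string `json:"@odata.type"`
	ID          string `json:"id"`
	DisplayName string `json:"displayName"`
}

// OnlineVerifier checks a bearer token by presenting it to Microsoft Graph.
// BaseURL is "https://graph.microsoft.com/v1.0" in production; main() below
// points it at a local stand-in so the example runs offline.
type OnlineVerifier struct {
	BaseURL string
	Client  *http.Client
}

func (v *OnlineVerifier) get(path, token string, out interface{}) error {
	req, err := http.NewRequest(http.MethodGet, v.BaseURL+path, nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := v.Client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		// Bound how much response body we are willing to parse.
		return json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(out)
	case http.StatusUnauthorized:
		return ErrInvalidToken
	default:
		return fmt.Errorf("graph GET %s: unexpected status %d", path, resp.StatusCode)
	}
}

// Verify is the online check from the comment: GET /me with the token. A 200
// proves the token is genuine for the Graph audience; it does not prove which
// client application it was issued to, so check the token's claims for that.
func (v *OnlineVerifier) Verify(token string) (*GraphUser, error) {
	var u GraphUser
	if err := v.get("/me", token, &u); err != nil {
		return nil, err
	}
	return &u, nil
}

// MemberOf returns the caller's groups and directory roles (first page only;
// a real client must follow @odata.nextLink).
func (v *OnlineVerifier) MemberOf(token string) ([]Membership, error) {
	var page struct {
		Value []Membership `json:"value"`
	}
	if err := v.get("/me/memberOf", token, &page); err != nil {
		return nil, err
	}
	return page.Value, nil
}

// NewFakeGraph is a constructed stand-in for graph.microsoft.com, used only so
// the example runs offline: it accepts exactly one bearer token.
func NewFakeGraph(validToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") || auth[len("Bearer "):] != validToken {
			w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		switch r.URL.Path {
		case "/v1.0/me":
			fmt.Fprint(w, `{"id":"user-1","displayName":"Example User","userPrincipalName":"user@example.invalid"}`)
		case "/v1.0/me/memberOf":
			fmt.Fprint(w, `{"value":[{"@odata.type":"#microsoft.graph.group","id":"group-1","displayName":"Readers"},`+
				`{"@odata.type":"#microsoft.graph.directoryRole","id":"role-1","displayName":"Global Reader"}]}`)
		default:
			http.NotFound(w, r)
		}
	}))
}

func main() {
	srv := NewFakeGraph("good-token")
	defer srv.Close()
	v := &OnlineVerifier{BaseURL: srv.URL + "/v1.0", Client: &http.Client{Timeout: 5 * time.Second}}
	if u, err := v.Verify("good-token"); err == nil {
		fmt.Println("accepted:", u.UserPrincipalName)
	}
	if _, err := v.Verify("tampered-token"); errors.Is(err, ErrInvalidToken) {
		fmt.Println("rejected: tampered token")
	}
	ms, _ := v.MemberOf("good-token")
	fmt.Println("memberships:", len(ms))
}
```

Each request costs a round trip to Graph, so a middleware doing this per request should cache positive results keyed on the token hash until the token's `exp`, and must treat any non-200 other than 401 as an error rather than as "valid".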