Hi @Smith, Larry (L.G.),
Thanks for reaching out.
The reason for getting this error is an invalid signature.
The signature contains the digital signature of the token that was generated by Azure AD’s private key and verifies that the token was signed by the sender.
The way to validate the authenticity of the JWT token’s data is by using Azure AD’s public key to verify the signature.
You can obtain the public key by calling the public Azure AD OpenID configuration endpoint: https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id} and verify against the private key (kid) generated by the Azure AD token.
In the case of a multi-tenant application, it should be https://login.microsoftonline.com/common/discovery/keys
If it works, you know the contents were signed with the private key. If not, you can’t be sure of it, so you should treat the JWT token as an invalid token and throw the "Signing and verification RSA keys do not match" error by catching InvalidSignatureException.
For validation, developers can also decode JWTs using jwt.ms.
Hope this will help.
Thanks,
Shweta
---------------------------
Please remember to "Accept Answer" if the answer helped you.
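Added example, not part of the answer above and not Microsoft's own code, showing the check the answer describes end to end: a key set in the shape of the discovery/keys document (kid, n, e), a token signed under that kid, and a verifier that reads kid from the header, selects the matching published key, rebuilds the RSA public key from n and e, and checks the RS256 signature. A second token signed with a key that was never published under that kid is rejected, which is the situation behind the "keys do not match" error. The key set, the kid value "kid-2024-01" and the claims are constructed stand-ins; a real verifier would fetch and cache the JSON from the discovery endpoint instead of building it locally. The example also goes one step past the answer by pinning the algorithm to RS256 rather than trusting the token's alg header.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// jwk is one discovery/keys entry, reduced to what RS256 verification needs.
type jwk struct {
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}
var b64 = base64.RawURLEncoding // JWT and JWK use base64url without padding

// publishKey builds the JWKS entry an issuer would serve for one signing key.
func publishKey(pub *rsa.PublicKey) jwk {
	e := big.NewInt(int64(pub.E)).Bytes()
	return jwk{N: b64.EncodeToString(pub.N.Bytes()), E: b64.EncodeToString(e)}
}

// signRS256 mints header.payload.signature, naming the signing key by kid in the header.
func signRS256(kid string, claims map[string]interface{}, priv *rsa.PrivateKey) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	pl, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyRS256 follows the answer: read kid from the header, select that key from the
// published set (keyed by kid), rebuild the RSA public key from n and e, check the signature.
func verifyRS256(token string, keys map[string]jwk) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token")
	}
	hdrBytes, err := b64.DecodeString(parts[0])
	if err != nil {
		return err
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(hdrBytes, &hdr); err != nil {
		return err
	}
	if hdr.Alg != "RS256" { // pin the algorithm; never let the token choose it
		return fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	key, ok := keys[hdr.Kid]
	if !ok {
		return fmt.Errorf("no key with kid %q in key set", hdr.Kid)
	}
	n, errN := b64.DecodeString(key.N)
	e, errE := b64.DecodeString(key.E)
	sig, errS := b64.DecodeString(parts[2])
	if errN != nil || errE != nil || errS != nil {
		return fmt.Errorf("bad base64url in key or signature")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return fmt.Errorf("signing and verification RSA keys do not match")
	}
	return nil // signature is good; iss, aud and exp claims still need their own checks
}

// demo signs one token with the key listed in the set and one with a key never
// published under that kid; the second must be rejected, as in the question.
func demo() (goodVerified, rogueRejected bool, err error) {
	issuerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	rogueKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil || err2 != nil {
		return false, false, fmt.Errorf("key generation failed")
	}
	// Constructed stand-in for the discovery/keys document, indexed by kid.
	keys := map[string]jwk{"kid-2024-01": publishKey(&issuerKey.PublicKey)}
	claims := map[string]interface{}{"sub": "user@example.test", "aud": "api://example"}
	good, err := signRS256("kid-2024-01", claims, issuerKey)
	rogue, err2 := signRS256("kid-2024-01", claims, rogueKey)
	if err != nil || err2 != nil {
		return false, false, fmt.Errorf("signing failed")
	}
	return verifyRS256(good, keys) == nil, verifyRS256(rogue, keys) != nil, nil
}

func main() {
	fmt.Println(demo())
}
```

Running `go run` on the file prints `true true <nil>`: the issuer's token verifies and the rogue token is rejected. Note that a passing signature check only proves who signed the token; the audience, issuer and expiry claims in the payload still have to be checked separately before the token is accepted.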