2

I am trying to learn tab SSO. When Microsoft Teams fetches the token from AAD and passes it to the tab, I want to send that token to my application server using AJAX and decode it at the server end.

I can see the client-side token successfully decoded by manually copy-pasting it into jwt.ms.

Is there any Python code that can be used to do the same as jwt.ms does? I tried this but am getting the following error:

```
jwt.exceptions.InvalidAudienceError: Invalid audience
```
Dev
Amandeep Singh
  • What is your audience? Parse the token to see the `aud` claim. – Carl Zhao May 05 '21 at 13:04
  • @CarlZhao I decoded the token manually in jwt.ms and found the `aud` parameter, it is like this `api:///`, and when I tried decoding again with the correct audience, it was successful. Thanks a lot! – Amandeep Singh May 05 '21 at 13:21
  • In short, the audience is equal to the value I set in `Application ID URI` in `Expose an API`. Reference: https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso – Amandeep Singh May 05 '21 at 13:26

2 Answers

1

Your issue has been resolved. This is an error caused by an invalid audience you are using. You must change it to the correct audience: `api://<webapp-domain>/<client_id>`.

This audience is actually the protected API that you expose in Azure.

Carl Zhao
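
The audience fix from the comments and this answer, as an added example that is not part of the original answer: a PyJWT validation helper that pins the algorithm and checks `aud`. The audience, issuer and key are constructed placeholders, and the demo token is HS256-signed with a constructed secret so it runs offline; real Azure AD tokens are RS256-signed and are verified with the tenant's public signing key.

```python
import time

import jwt  # PyJWT

# Constructed placeholders (assumptions): use your own Application ID URI and issuer.
EXPECTED_AUDIENCE = "api://tab.example.com/00000000-0000-0000-0000-000000000000"
EXPECTED_ISSUER = "https://issuer.example/"
# Demo only: a constructed shared secret and HS256 so the example runs offline.
# Real Azure AD tokens are RS256: pass ["RS256"] and the tenant's public key.
DEMO_KEY = "constructed-demo-secret-not-a-real-key-0123456789"
DEMO_ALGS = ["HS256"]


def validate_tab_token(token, key, audience, issuer, algorithms):
    """Verify signature, expiry, issuer and audience; return the claims."""
    return jwt.decode(
        token,
        key,
        algorithms=algorithms,  # pin the algorithm; do not trust the header
        audience=audience,      # must match the token's `aud` claim
        issuer=issuer,
    )


def make_demo_token(aud, lifetime=300):
    """Constructed token standing in for the one Teams passes to the tab."""
    now = int(time.time())
    claims = {"aud": aud, "iss": EXPECTED_ISSUER, "iat": now, "exp": now + lifetime}
    return jwt.encode(claims, DEMO_KEY, algorithm="HS256")


def check(token, audience):
    """Return "ok" or the name of the validation error a server would log."""
    try:
        validate_tab_token(token, DEMO_KEY, audience, EXPECTED_ISSUER, DEMO_ALGS)
        return "ok"
    except jwt.InvalidTokenError as exc:
        return type(exc).__name__


if __name__ == "__main__":
    good = make_demo_token(EXPECTED_AUDIENCE)
    print(check(good, "api://wrong.example.com/app"))  # InvalidAudienceError
    print(check(good, EXPECTED_AUDIENCE))               # ok
    expired = make_demo_token(EXPECTED_AUDIENCE, lifetime=-60)
    print(check(expired, EXPECTED_AUDIENCE))            # ExpiredSignatureError
```

Unlike pasting the token into jwt.ms, this rejects tokens whose signature, expiry, issuer or audience do not check out, so the server never acts on unverified claims.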
0

Setting this solved my problem:

```
protectedResourceMap.set(`${my_api}`, [`${client_id}/.default`]);
```
Abhishek Singh