0

Steps to Reproduce

  1. Acquiring Graph Token
  2. Using this graph token to get onbehalfoftoken for other resource say "b" using user assertion and client credentials.
  3. It is throwing following error: {"AADSTS50013: Assertion failed signature validation. [Reason - The provided signature value did not match the expected signature value., Thumbprint of key used by client: 'XXXXXXXXXXXXXXXXXXX', Found key 'Start=12/21/2020 20:50:17, End=12/20/2025 20:50:17']\r\nTrace ID: 74bcb05c-e716-40dd-9c1c-b7bbf4c1a600\r\nCorrelation ID: d1141819-1bf6-4662-831e-6c95a3bd2a71\r\nTimestamp: 2021-06-02 12:48:37Z"}
Nayan
  • 1
  • 2

1 Answers1

0

Ms graph api cannot be used as Middle-tier api, you cannot use graph api to call other api resources.

If you want to use the middle-tier api to call other api resources, you can expose the protected api as the middle-tier api in Azure, and then use this api to call other api resources.

Regarding how to configure api in Azure and how to use OBO flow to obtain token, you can refer to my previous answer.

Carl Zhao
  • 8,543
  • 2
  • 11
  • 19