Hello Pedro,
Thank you for your quick reply.
Did you fill out the site property IdentityProvider?
Yes. I filled the site property with https://sts.windows.net/<my-tenant-id>/.
And the validation succeeded when I used Azure AD Graph resource URI.
I revealed the error message by modifying the extension you mentioned.
(I masked some characters.)
Validate Token and User error: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey , KeyId: ie_qWCXhXxt1zIEsu4c7acQVGn4
'.
Exceptions caught:
''.
token: '{"typ":"JWT","nonce":"mg5Xq3aHzUs-i99ftq7m7xL7r2T11xJKPJ3TMM4ji1Q","alg":"RS256","x5t":"ie_qWCXhXxt1zIEsu4c7acQVGn4","kid":"ie_qWCXhXxt1zIEsu4c7acQVGn4"}.{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/bb49xxxx-xxxx-xxxx-xxxx-xxxxxx259d0b/","iat":1568941345,"nbf":1568941345,"exp":1568945245,"acct":0,"acr":"1","aio":"42FgYFip9n/uow9iXMUyaYmhalxpNQd2mh+15NjV7zfV8u7e57kA","amr":["pwd"],"app_displayname":"OS Azure AD Test","appid":"21b2xxxx-xxxx-xxxx-xxxx-xxxx0bdf757d","appidacr":"0","ipaddr":"153.236.207.97","name":"Test User","oid":"a1e3xxxx-xxxx-xxxx-xxxx-xxxx54a27f88","platf":"2","puid":"1003200067526BF1","scp":"Directory.AccessAsUser.All User.Read","sub":"a6vcMvQZf1EYx-LUCqOEdL8s-edImVlUrtdsx_adEIY","tid":"bb49xxxx-xxxx-xxxx-xxxx-xxxxc1259d0b","unique_name":"test@takasxxxxx.onmicrosoft.com","upn":"test@takasxxxxx.onmicrosoft.com","uti":"yi4vunNmm0O6mI8h0BBCAA","ver":"1.0","xms_tcdt":1493187223}'
Could you figure out what the cause of it is?
By the way, could you use Microsoft Graph resource URI instead of Azure AD Graph URI on your site?
I'd appreciate your help.
Thank you.
Best regards,
Moriya Takasi