Expo authentication receiving invalid JWT from Azure AD

Time:01-07

I've been trying to add Azure authentication to a React Native Expo project; however, the JWT returned is invalid. This is because the JWT's header only consists of 0.

Here is an example of the JWT

0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA

Here is my code that requests users to authenticate themselves; it uses the expo-auth-session package (original source: https://docs.expo.dev/guides/authentication/#azure)

import * as AuthSession from 'expo-auth-session';

const config = {
    clientId: '<ClientID>',
    scopes: ['openid', 'profile', 'email', 'offline_access'],
    redirectUri: AuthSession.makeRedirectUri({
      scheme: 'com.app.scheme'
    }),
};

//AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/common/v2.0')
AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/<TenentID>/oauth2/v2.0/token')
.then((discovery: any) => {
    AuthSession.loadAsync(config, discovery).then(async (session: any) => {
      // Create a request.
      const request = new AuthSession.AuthRequest(config);

      // Prompt for an auth code
      const authResponse = await request.promptAsync(discovery, { useProxy: false });

      if (authResponse.type === "success") {
        console.log(authResponse); // Output response
      }
    });
});

Actual response

Object {
  "authentication": null,
  "error": null,
  "errorCode": null,
  "params": Object {
    "code": "0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA",
    "session_state": "3a4dd9ab-dc3e-4843-a83b-092508291eb3",
    "state": "S4L5Zv3s2e",
  },
  "type": "success",
  "url": "exp://127.0.0.1:19000/?code=0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA&state=S4L5Zv3s2e&session_state=3a4dd9ab-dc3e-4843-a83b-092508291eb3",
}

Has anyone else experienced this issue?

CodePudding user response:

I’ve solved my issue: I was only doing one part of the Microsoft flow. As I have shown above, I was receiving a code that needed to be sent back to Microsoft AD for the required access token. See below for the endpoint used:

https://login.microsoftonline.com/<TenentID>/oauth2/v2.0/token

Here is some extra reading if you encounter this issue:

https://docs.microsoft.com/en-us/advertising/guides/authentication-oauth-get-tokens?view=bingads-13#request-accesstoken

https://github.com/pinecat/azure-ad-graph-expo#readme

Thank you for your time and information!
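
Added example, not part of the original post or of expo-auth-session: a check that tells an authorization code apart from a JWT by decoding the first segment, plus the second leg of the flow that posts the code to the token endpoint. The function names and sample values are constructed for illustration, and codeVerifier is assumed to be the PKCE verifier created with the auth request (request.codeVerifier in expo-auth-session).

```javascript
// Runs in Node as written; in React Native swap Buffer for a base64 helper.

// A JWT's first segment base64url-decodes to a JSON header carrying "alg".
function looksLikeJwt(value) {
  const parts = String(value).split('.');
  if (parts.length !== 3) return false;
  try {
    const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
    const header = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return header !== null && typeof header === 'object' && typeof header.alg === 'string';
  } catch {
    return false; // a header segment of "0" does not decode to JSON
  }
}

// Form body for the authorization_code grant (RFC 6749 4.1.3, PKCE per RFC 7636).
function buildTokenRequestBody({ clientId, code, redirectUri, codeVerifier, scopes }) {
  if (looksLikeJwt(code)) throw new Error('expected an authorization code, got a JWT');
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    code,
    redirect_uri: redirectUri, // must match the value sent in the authorize request
    scope: scopes.join(' '),
  });
  if (codeVerifier) body.set('code_verifier', codeVerifier);
  return body.toString();
}

// Second leg of the flow: POST the code to the token endpoint, then check the result.
async function exchangeCode(tokenEndpoint, params) {
  const res = await fetch(tokenEndpoint, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildTokenRequestBody(params),
  });
  const json = await res.json();
  if (!res.ok) throw new Error(`token endpoint error: ${json.error}`);
  if (!looksLikeJwt(json.id_token)) throw new Error('id_token is not a JWT');
  return json; // access_token, id_token, refresh_token, expires_in
}

// Constructed samples: a code shaped like the one above, and a minimal JWT.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
const sampleCode = '0.AAAA.BBBB';
const sampleJwt = [enc({ alg: 'RS256', typ: 'JWT' }), enc({ sub: 'constructed' }), 'c2ln'].join('.');
```

The structural check only distinguishes the two value types; an id_token still needs signature, issuer, audience and expiry validation before its claims are trusted.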
