Share via

How do i validate my entra token in my springboot app?

Dibya Biswal 0 Reputation points
2025-01-13T10:30:46.25+00:00

I have Fetched The jwks from the "https://login.microsoftonline.com/common/discovery/v2.0/keys" and fetched the kid from the decoded jwt and i am fetching the value correctly but when i try to validate it using public key it says "JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted." How do i proceed with this ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,827 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shikha Ghildiyal 1,855 Reputation points Microsoft Employee
    2025-01-13T11:31:11.6366667+00:00

    Hi Dibya Biswal,

    Thanks for reaching out to Microsoft Q&A.

    Can you please confirm the secret key you used to sign the JWT token is same as the one used to validate it? if not please use the same secret key for both signing and validation and check.

    Reference: https://stackoverflow.com/questions/77739264/spring-security-token-refresh-and-jwt-signature-does-not-match-locally-computed

    Please check this thread once for more guidance- https://stackoverflow.com/questions/56639392/jwt-signature-does-not-match-locally-computed-signature-jwt-validity-cannot-be

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.