We have a web application in which users can log in using O365/OAuth2.
Every 3 months (which is also the rolling time of the keys at Microsoft) some people can no longer log in to the application.
The error shown is:
{ "error_description": "An error occurred while attempting to decode the Jwt: Signed JWT rejected: Invalid signature", "error": "invalid_token", "error_uri": "......." }
A simple restart of the PASOE fixes this issue. Also note intermediate restarts don't help or postpone the issue.
Also, this does not happen on all computers, even with the same account. If you try this on multiple computers it will work with no problem, and on others it will never work. As said above, until we restart the PASOE, then everything works fine again.
It looks like a problem of the rolling keys.
But
- As already mentioned: the exact same account does work on some computers.
- If I decode the JWT token that gives the error with some online web tools, they say all keys are correct.
- Also, if I look on our server at which keys are currently in use, the key in the JWT does show up as a valid key.
Any pointers of what is happening and why and how to fix this?
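An added example, not code from the original post or from PASOE/Progress: a minimal JWT verifier whose key cache refetches the issuer's key set when a token names an unknown `kid`, rate-limited so a stream of unknown kids cannot force a fetch on every request. It assumes the cause is a verifier that loads the signing keys only at startup (consistent with a restart fixing the problem); HS256 with constructed keys stands in for Microsoft's RS256/JWKS, since the point is the cache refresh, not the algorithm, and `KeyCache`, `sign_jwt` and `verify_jwt` are names chosen here.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, kid: str, key: bytes) -> str:
    """Issuer side (constructed): HS256 token carrying the key id in its header."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

class KeyCache:
    """Caches the issuer's keys; refetches when a token names a kid we do not know,
    but never more often than min_refresh_interval seconds."""
    def __init__(self, fetch, min_refresh_interval=300):
        self.fetch = fetch                      # callable returning {kid: key}
        self.keys = {}
        self.last_refresh = 0.0
        self.min_refresh_interval = min_refresh_interval

    def get(self, kid, now=None):
        now = time.time() if now is None else now
        if kid not in self.keys and now - self.last_refresh >= self.min_refresh_interval:
            self.keys = dict(self.fetch())      # key rollover picked up here
            self.last_refresh = now
        return self.keys.get(kid)

def verify_jwt(token: str, cache: KeyCache, now=None):
    """Returns the claims on success, None on any failure (unknown kid, bad signature)."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":            # pin the algorithm; never trust 'none'
        return None
    key = cache.get(header.get("kid"), now)
    if key is None:
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))
```

A cache that is filled once at startup behaves like the `min_refresh_interval` never elapsing: every token signed with the rotated key fails with "Invalid signature" until the process restarts.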