2

I am working a POC to verify the migration of our Signup & Signup flow to Azure AD B2C. I have successfully called the API authorize to get the access token and id token. Then I tried to call /token to refresh the token according to document , however I got the error message below.

AADB2C90090: The provided JWE is not a valid 5 segment token.\r\nCorrelation ID: ae943eb7-9290-4fd5-aeac-d56411d803c7\r\nTimestamp: 2022-10-26 07:13:40Z\r\n

Following is the url I used to get access token in Browser.

GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_signupsignin1&client_id=7adbb5f8-17d2-4dfa-94cd-5ab1cbc9f425&nonce=defaultNonce&redirect_uri=https://jwt.ms&scope=openid offline_access&response_type=code+id_token&prompt=login

Following is the screenshot I used to call token API in Postman.

POST /{tenant}.onmicrosoft.com/B2C_1_signupsignin1/oauth2/v2.0/token HTTP/1.1
Host: {tenant}.b2clogin.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 1971

grant_type=authorization_code&client_id=7adbb5f8-17d2-4dfa-94cd-5ab1cbc9f425&code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..n8murSwIYYseViQm.WluJ_gU8aUQd1PPadPik4ODSso4KpKAu8geA5NmAlkbieJPVZb30MJSHGOiUsrxfwu4BoV69bshD7URJeVNFzfqPsCjBhpYDyeL8x0uUZIJwDQ7DTiflw8A4LbYf-SzjluqbfSqDwQFGyQvKesgsrnZzyxg9AnLiL1NoBW27Kd3ZcX3i1BHKr8c--qOyxbz8DtUyIzkJGcOq79wIQZRnDCr1_xPo6EhzOi59TlEIfJhzR4qfgLm3tlgK8zDaUY5Zf3a89olfkmpvrjS84vsfDyyWM4UZe_6MpymNQFe-6Q-fJRmWqdmqdvljaDykP2ZSZJS6jHkdmU9t9aYCTWPB4JgnN1PleQDzRK-MR9WPJ5ULoxmp2VOZ_YFdY94MOGEW8c_IeNGVuPRRC8jXEaQnEWA_3Fs5tzuNe4UjQUxRTTjNeZERb1MHFPk2YGZRc4CshvqvobuGQ2fVNKFHA8JvW9Qt6Xibw0gfY8D0tTZuOP6IxPwhFSWXa5nX4j_lDeFFxhTKA38CALXQ1FVWvHZmzYhB_yMYq44jdG46lpQYB4rV9CFIBvFzJ940EPH6LpOPAnLQzLNm6zqtsVKUoB49dXE2hapIbD5LHsoNoZYeQhu8qJdhxg.8PfqgqgrubNchCs9OxHQQA%26id_token%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2NjY3NzE0MDUsIm5iZiI6MTY2Njc2NzgwNSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9iZW5ueXpob3UuYjJjbG9naW4uY29tLzUzYjRjYmY0LWU1NDYtNDU2ZS04ZTI0LTlhM2RlOGQ3ZTljYy92Mi4wLyIsInN1YiI6ImUyN2YwZGU0LTMxODItNDZlYi1iMjYzLTdkMThkOGY4OWE1OCIsImF1ZCI6IjdhZGJiNWY4LTE3ZDItNGRmYS05NGNkLTVhYjFjYmM5ZjQxNSIsIm5vbmNlIjoiZGVmYXVsdE5vbmNlIiwiaWF0IjoxNjY2NzY3ODA1LCJhdXRoX3RpbWUiOjE2NjY3Njc4MDUsIm9pZCI6ImUyN2YwZGU0LTMxODItNDZlYi1iMjYzLTdkMThkOGY4OWE1OCIsImNvdW50cnkiOiJDaGluYSIsIm5hbWUiOiJLYXJsYSIsImVtYWlscyI6WyJrYXJsYS56aGFuZ0BtYWlzY3JtLmNvbSJdLCJ0ZnAiOiJCMkNfMV9zaWdudXBzaWduaW4xIiwiY19oYXNoIjoiOU1Oc2k5b05KQzZYWjRVSkFvS0N6dyJ9.RckgULrCBdXzw-7-VYgmB7k0Ghfg1jRMsJF8_1oxLbNXTOcZDe9grbJKcpWoesHp5L5_bVfAa1HQOFzMlmPwPPvM0a2yl1zT8UQzJ_a8W4EHkA4Ao3Xt3osbjoBhRh65Nu4fCVGHswPgxZNAR_N7jr4pR6Pf4PllmKpne-bw7onz_HjpT4ulyyq8jNZye3YokPZh0ha9LaV_19NiwfnVAR451lqfugKs2DWfseXbyGlOnjFCl_UHQDOxa1_ZUTmvF1JUgff2VAOmW2925RMQopzfDjCUEvwZMLr8pKTystErvUR6a8itRAKIFwbfEh3en8PqBun9T89-5qKmmN4NTQ&client_secret=h888Q~Jlg97L2ngl6GHpaKqS6FmkLygeTVY7Eb-h

I tried to search the error message but only get two discussion threads in Stackoverflow, however no useful info found.

https://stackoverflow.com/search?q=AADB2C90090%3A+The+provided+JWE+is+not+a+valid+5+segment+token.
Benny
  • 21
  • 2

1 Answers1

0

I tried to reproduce the same in my environment and got the same error as below:

enter image description here

To generate the access token, ID token and code in the browser I used the below parameters:

GET https://Tenant.b2clogin.com/Tenant.onmicrosoft.com/B2C_1_testuserflow/oauth2/v2.0/authorize?
client_id=37cd7fca-ea8f-4300-XXXX-XXXXXXXXXX
&response_type=code+id_token
&redirect_uri=https://jwt.ms
&response_mode=fragment
&scope=openid
&state=12345

enter image description here

The error usually occurs if you pass invalid code value. To resolve the error, make sure to copy only the code value not with id token.

enter image description here

I am able to call /token to refresh the token successfully like below:

enter image description here

Rukmini
  • 6,015
  • 2
  • 4
  • 14