Tokens generated by the Microsoft services [Azure AD, O365] fails with an Invalid token in JWT Validation Policy

QUESTION

The JWT token generated by the Microsoft services [Azure AD, O365] fails with an Invalid token in the Mulesoft layer when applied through the JWT Policy

{
  "error": "Invalid token."
}

ANSWER

Below are a few of the scenarios that can cause the issue:

• The token is generated without a defined scope, causing the failure
• There could be a mismatch in the version of URI used for the token generation and token validation

If the scenarios listed match your use case, please define the scope when generating the token or configure appropriate endpoints for validation for fixing the issue.

ADDITIONAL INFORMATION

When the token generated is verified in jwt.io the token would have an Invalid Signature. However, if the same token is validated in jwt.ms the token would be valid. Please check the response of jwt.io to ensure compatibility with MuleSoft policy execution.