Monday, September 19, 2016

Invalid JWT token. Could not resolve issuer token.

For the second time in three years, I have had the pleasure of encountering an "Invalid JWT token. Could not resolve issuer token." error. The error comes from a provider-hosted add-in that worked fine the day before. The last time I got the error, I ended up recreating my client ID and client secret in SharePoint Online and had to update my web.config. But this year I was keen on finding a solution! After some time spent just understanding the error message, I found the article "Replace an expiring client secret in a SharePoint Add-in" (https://msdn.microsoft.com/en-us/library/office/dn726681.aspx). The article walks step by step through updating your client secret. I have updated the script, as I already knew my add-in name.

# Set the display name of my add-in (as registered in SharePoint Online)
$displayName = "governanceapp"
# Sign in to Azure AD with the MSOnline module
Connect-MsolService
# Find the service principal that belongs to the add-in
$appentry = Get-MsolServicePrincipal -all  | ? { $_.DisplayName -eq $displayName}
$principalId = $appentry.AppPrincipalId
# Generate a new 32-byte random secret with a cryptographic RNG and base64-encode it
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
# Register the new secret as signing, verification and password credentials on the principal
New-MsolServicePrincipalCredential -AppPrincipalId $principalId -Type Symmetric -Usage Sign -Value $newClientSecret
New-MsolServicePrincipalCredential -AppPrincipalId $principalId -Type Symmetric -Usage Verify -Value $newClientSecret
New-MsolServicePrincipalCredential -AppPrincipalId $principalId -Type Password -Usage Verify -Value $newClientSecret
# Print the new secret; this value goes into the ClientSecret setting in web.config
$newClientSecret
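Because a client secret registered for a SharePoint add-in is only valid for one year, the error above is easier to prevent than to debug. The following script is an added example, not part of the original post or the MSDN article: it lists the credentials on the add-in's service principal, flags the ones that are expired or about to expire, and optionally removes the expired ones once the new secret is in web.config. It assumes the MSOnline module is installed, Connect-MsolService has already run, and the add-in name is the same "governanceapp" as above; the 30-day warning window and the $removeExpired switch are my own choices.

```powershell
# Added example: audit the add-in's credentials before they expire.
$displayName   = "governanceapp"   # same add-in name as in the post
$warnDays      = 30                # assumption: warn this many days before expiry
$removeExpired = $false            # set to $true only after the new secret is deployed

$appentry = Get-MsolServicePrincipal -All | ? { $_.DisplayName -eq $displayName }
if (-not $appentry) { throw "No service principal named '$displayName' was found." }
$principalId = $appentry.AppPrincipalId

# -ReturnKeyValues $false returns only metadata (KeyId, Type, Usage, StartDate, EndDate),
# never the secret value itself, so the output is safe to keep in a log.
$creds = Get-MsolServicePrincipalCredential -AppPrincipalId $principalId -ReturnKeyValues $false

$now = Get-Date
foreach ($c in $creds) {
    $daysLeft = [math]::Round(($c.EndDate - $now).TotalDays)
    $state = if ($daysLeft -lt 0) { "EXPIRED" }
             elseif ($daysLeft -le $warnDays) { "EXPIRING" }
             else { "ok" }
    "{0,-8} KeyId={1} Type={2} Usage={3} EndDate={4:yyyy-MM-dd} ({5} days left)" -f `
        $state, $c.KeyId, $c.Type, $c.Usage, $c.EndDate, $daysLeft
}

# Clean-up: remove credentials that are already past their EndDate so that
# stale Sign/Verify/Password entries do not accumulate on the principal.
$expired = @($creds | ? { $_.EndDate -lt $now })
if ($removeExpired -and $expired.Count -gt 0) {
    Remove-MsolServicePrincipalCredential -AppPrincipalId $principalId -KeyIds $expired.KeyId
    "Removed $($expired.Count) expired credential(s)."
}
```

Running the audit part on a schedule (and treating an EXPIRING line as a ticket) gives you the one-month lead time that the "Invalid JWT token" error does not.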