We are using v8.1.3 and configured OAuth authentication module with Azure IDP for web portal. In the logs, we are seeing that idtoken has been acquired but it is failing at token verification error.
Certificate: Using JWK endpoint configured in the identity provider.
2020-09-30 11:49:58.3560 TRACE ( ObjectLog 5gyeswz33q0uvh1psa5msp2l) : Getting JSON Web Keys from URL login.microsoftonline.com/.../keys
2020-09-30 11:49:58.4810 TRACE ( ObjectLog 5gyeswz33q0uvh1psa5msp2l) : Got following certificate from JWK:
ID: "jibNbkFSSbmxPYrN9CFqRk4K4gw"
ID: "jibNbkFSSbmxPYrN9CFqRk4K4gw"
ID: "kg2LYs2T0CTjIfj4rt6JIynen38"
ID: "kg2LYs2T0CTjIfj4rt6JIynen38"
ID: "M6pX7RHoraLsprfJeRCjSxuURhc"
ID: "M6pX7RHoraLsprfJeRCjSxuURhc"
ID: "18pnMg3UmrWvBK_tkDAbjgM5CmA"
ID: "18pnMg3UmrWvBK_tkDAbjgM5CmA"
2020-09-30 11:49:58.4810 TRACE ( ObjectLog 5gyeswz33q0uvh1psa5msp2l) : Scope value 'openid' found -> using Open ID Connect
2020-09-30 11:49:58.4810 TRACE ( ObjectLog 5gyeswz33q0uvh1psa5msp2l) : Got id_token, verifying it.
2020-09-30 11:49:58.4810 ERROR ( ObjectLog 5gyeswz33q0uvh1psa5msp2l) : Messages from token validation:
[Informational]9/30/2020 3:49:58 PM IDX12716: Decoding token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' into header, payload and signature.
[Informational]9/30/2020 3:49:58 PM IDX10242: Security token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' has a valid signature.
[Informational]9/30/2020 3:49:58 PM IDX10239: Lifetime of the token is valid.
[Informational]9/30/2020 3:49:58 PM IDX10234: Audience Validated.Audience: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[Informational]9/30/2020 3:49:58 PM IDX10236: Issuer Validated.Issuer: 'login.microsoftonline.com/.../v2.0'
[Informational]9/30/2020 3:49:58 PM IDX10246: ValidateTokenReplay property on ValidationParameters is set to false. Exiting without validating the token replay.
2020-09-30 11:49:58.4810 ERROR ( ObjectLog 5gyeswz33q0uvh1psa5msp2l) : Failed to verify token. System.FormatException: Input string was not in a correct format.
at System.Text.StringBuilder.FormatError()
at System.Text.StringBuilder.AppendFormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.String.FormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.String.Format(IFormatProvider provider, String format, Object[] args)
at Microsoft.IdentityModel.Logging.IdentityModelEventSource.PrepareMessage(EventLevel level, String message, Object[] args)
at Microsoft.IdentityModel.Logging.IdentityModelEventSource.WriteInformation(String message)
at Microsoft.IdentityModel.Logging.LogHelper.LogInformation(String message, Object[] args)
at Microsoft.IdentityModel.Tokens.TokenValidationParameters.CreateClaimsIdentity(SecurityToken securityToken, String issuer)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateClaimsIdentity(JwtSecurityToken jwtToken, String issuer, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at QER.OAuthAuthentifier.OAuth._ValidateToken(String token, String issuerName, String clientId, String nonce, Boolean openid, IEnumerable`1 signingKeys, Boolean showPiiInLog) at System.Text.StringBuilder.FormatError()
at System.Text.StringBuilder.AppendFormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.String.FormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.String.Format(IFormatProvider provider, String format, Object[] args)
at Microsoft.IdentityModel.Logging.IdentityModelEventSource.PrepareMessage(EventLevel level, String message, Object[] args)
at Microsoft.IdentityModel.Logging.IdentityModelEventSource.WriteInformation(String message)
at Microsoft.IdentityModel.Logging.LogHelper.LogInformation(String message, Object[] args)
at Microsoft.IdentityModel.Tokens.TokenValidationParameters.CreateClaimsIdentity(SecurityToken securityToken, String issuer)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateClaimsIdentity(JwtSecurityToken jwtToken, String issuer, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at QER.OAuthAuthentifier.OAuth._ValidateToken(String token, String issuerName, String clientId, String nonce, Boolean openid, IEnumerable`1 signingKeys, Boolean showPiiInLog)
2020-09-30 11:49:58.4810 ERROR ( ObjectLog 5gyeswz33q0uvh1psa5msp2l) : Failed to authenticate user using OAuth2/Open ID Connect. System.FormatException: Input string was not in a correct format.
at System.Text.StringBuilder.FormatError()
