I have a angular application that request a token from azure. The login went well and I get a token. This token is now send from the angular app to a net core webapi application. Net core should verify this token but failed. I think the webapi should also contact azure to validate the token because it has no knowledge of the private and public key that is needed to verify the token.

At the moment it is not clear why it is failing. Both angular app and the webapi are running local on my computer.

The error is: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: 'IDX10500: Signature validation failed. No security keys were provided to validate the signature.'

my net core 2 config is:

var tokenValidationParameters = new TokenValidationParameters
            {

                RequireExpirationTime = true,
                RequireSignedTokens = false,
                ValidateIssuerSigningKey = true,
                ValidateIssuer = true,
                ValidIssuer = "8d708afe-2966-40b7-918c-a39551625958",
                ValidateAudience = true,
                ValidAudience = "https://sts.windows.net/a1d50521-9687-4e4d-a76d-ddd53ab0c668/",
                ValidateLifetime = false,
                ClockSkew = TimeSpan.Zero
            };
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;

            }).AddJwtBearer(options =>
            {

                options.Audience = "8d708afe-2966-40b7-918c-a39551625958";
                options.ClaimsIssuer = "https://sts.windows.net/a1d50521-9687-4e4d-a76d-ddd53ab0c668/";
                options.RequireHttpsMetadata=false;
                options.TokenValidationParameters = tokenValidationParameters;
                options.SaveToken = true;
            });

That is quite a lot of configuration you have :)

The two mandatory settings are the Audience and Authority:

services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        o.Audience = "8d708afe-2966-40b7-918c-a39551625958";
        o.Authority = "https://login.microsoftonline.com/a1d50521-9687-4e4d-a76d-ddd53ab0c668/";
    });

You are missing the Authority so it does not know where to load the signing public keys from.

You are missing IssuerSigningKey property in your TokenValidationParameters. Thats why its complaining.

The simplest example would be

IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("yOURsECRETkEY12345"))

I'm not sure how azure comes into play, you probably need it to retrieve security key information, if thats your signing authority

Edit:

Azure specific settings

.AddJwtBearer(options => {
        options.Authority = string.Format("https://login.microsoftonline.com/tfp/{0}/{1}/v2.0/", Configuration["Authentication:AzureAd:Tenant"], Configuration["Authentication:AzureAd:Policy"]);
        options.Audience = Configuration["Authentication:AzureAd:ClientId"];
    });