Hi,
I am implementing the OAuth 2.0 Implicit Grant Flow in my Power Pages app in order to generate tokens which will be passed through when calling a custom external API. The external API must validate the token signature along with some other claims. In order to validate the token signature, it must obtain the public key from <portal_url>/_services/auth/publickey as per the documentation "Use OAuth 2.0 implicit grant flow in your Power Pages site | Microsoft Learn". However, this is not possible, as this endpoint requires cookie-based authentication, as I've seen from inspecting a successful request. I have also tried but could not access it using Postman and passing in a token generated from <portal_url>/_services/auth/token. Is there another way for me to access this public key/validate my tokens? I also thought of storing it in Key Vault, but it isn't clear how often the key is rotated and I would like to avoid manually updating the Key Vault if possible.
