web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Agent Academy Hackathon is happening now!
Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Portal auth token vali...
Power Pages
Suggested Answer

Portal auth token validation failed with the public key

(0) ShareShare
ReportReport
Posted on by shriramayushnvs 8
Hi, I created a self-signed certificate and added it in power platform admin center using the following commands:
 
$certificateName = "powerpages.yourdomain.com"
$certPassword = ConvertTo-SecureString -String 'YourStrongPassword123!' -Force -AsPlainText
 
$certificate = New-SelfSignedCertificate `
    -Type Custom `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -DnsName $certificateName `
    -Subject "CN=$certificateName" `
    -KeyLength 2048 `
    -KeyAlgorithm RSA `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(5) `
    -KeyExportPolicy Exportable `
    -KeySpec Signature
 
Export-PfxCertificate `
    -Cert "Cert:\CurrentUser\My\$thumbprint" `
    -FilePath "C:\certificates\powerpages.pfx" `
    -Password $certPassword `
    -CryptoAlgorithmOption TripleDES_SHA1

But the generated token from '/_services/auth/token' failed the signature verification from the public key at '/_services/auth/publickey' when I checked on jwt.io website.

I am not sure, what am I doing wrong.

I found this thread which says, self-signed certificated can be used to call an external API.
https://community.powerplatform.com/forums/thread/details/?threadid=b28c273a-6550-4c9a-a603-39e59407fcb9

Any help would be appreciated.
Thanks
Categories:
General topics
I have the same question (0)
  • Suggested answer
    sannavajjala87 Profile Picture
    sannavajjala87 224 Super User 2026 Season 1 on at
    Hi,
     

    The issue is not with the Power Pages token service itself—it’s with the self-signed certificate you created. Here’s why:

    • Power Pages uses Azure Active Directory (AAD) and OpenID Connect for token signing.
    • The /auth/token endpoint issues tokens signed by Microsoft identity platform keys, not your custom certificate.
    • Adding a self-signed certificate in Power Platform Admin Center is for custom domain SSL binding, not for signing JWT tokens.

    So, the public key at /auth/publickey will never match your self-signed certificate because the token is not signed with it.

    How to Call External APIs Securely:

    If your goal is to call an external API from Power Pages:

    Use OAuth 2.0 or Azure AD App Registration
    • Register your external API in Azure AD.
    • Configure client credentials or delegated permissions.
    • Use Power Pages Web API or Liquid templates to acquire tokens.
    Do NOT rely on self-signed cert for JWT
    • Instead, use Azure Key Vault or Managed Identity for secure secrets.
  • TO-21051152-1ax'+console.log('TH0ROID XSS')+' Profile Picture
    TO-21051152-1ax'+co... 2 Microsoft Employee on at
    same thing happened to me

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Agent Academy Hackathon is happening now!
Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Valantis Profile Picture

Valantis 58

#2
11manish Profile Picture

11manish 49

#3
Haque Profile Picture

Haque 28

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans