{"id":1101,"date":"2023-10-27T11:26:26","date_gmt":"2023-10-27T03:26:26","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=1101"},"modified":"2023-10-27T11:26:26","modified_gmt":"2023-10-27T03:26:26","slug":"aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/","title":{"rendered":"AADSTS50146: This application is required to be configured with an application-specific signing key"},"content":{"rendered":"\n<p>I was testing the sign-in process for the OIDC flow using Postman. It worked fine on the day I set it up, but the next day I encountered an issue and I could not retrieve the ID token anymore. I was getting the following AADSTS50146 error.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1234\" height=\"73\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png\" alt=\"\" class=\"wp-image-1105\"\/><\/figure>\n\n\n\n<p>Then I remembered that I had added an optional claim in the ID token for testing purposes.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-21.png\" alt=\"\" class=\"wp-image-1104\" width=\"766\" height=\"131\"\/><\/figure>\n\n\n\n<p>The error description did not seem to match the actual root cause. I searched online and found a solution on this page: <a href=\"https:\/\/stackoverflow.com\/questions\/59383452\/aadsts50146-error-when-attempting-to-retrieve-oauth-access-token\">azure active directory &#8211; AADSTS50146 error when attempting to retrieve Oauth access_token &#8211; Stack Overflow<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-19.png\" alt=\"\" class=\"wp-image-1102\" width=\"686\" height=\"363\"\/><\/figure>\n\n\n\n<p>According to the answer, the problem was caused by the <code>acceptMappedClaims<\/code> property being set to null by default. When I followed the instructions to set it to <code>true<\/code>, the issue was resolved.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-20.png\" alt=\"\" class=\"wp-image-1103\" width=\"586\" height=\"396\"\/><\/figure>\n\n\n\n<p>I also noticed that the optional claim is reflected in the ID token:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"461\" height=\"130\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-23.png\" alt=\"\" class=\"wp-image-1106\"\/><\/figure>\n\n\n\n<p><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was testing the sign-in process for the OIDC flow using Postman. It worked fine on the day I set it up, but the next day I encountered an issue and I could not retrieve the ID token anymore. I was getting the following AADSTS50146 error. Then I remembered that I had added an optional [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[35,12],"tags":[45],"class_list":["post-1101","post","type-post","status-publish","format-standard","hentry","category-saas","category-troubleshooting","tag-saas"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AADSTS50146: This application is required to be configured with an application-specific signing key - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AADSTS50146: This application is required to be configured with an application-specific signing key - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"I was testing the sign-in process for the OIDC flow using Postman. It worked fine on the day I set it up, but the next day I encountered an issue and I could not retrieve the ID token anymore. I was getting the following AADSTS50146 error. Then I remembered that I had added an optional [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-27T03:26:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1234\" \/>\n\t<meta property=\"og:image:height\" content=\"73\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"AADSTS50146: This application is required to be configured with an application-specific signing key\",\"datePublished\":\"2023-10-27T03:26:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/\"},\"wordCount\":157,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png\",\"keywords\":[\"SAAS\"],\"articleSection\":[\"SaaS\",\"Troubleshooting\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/\",\"name\":\"AADSTS50146: This application is required to be configured with an application-specific signing key - \u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png\",\"datePublished\":\"2023-10-27T03:26:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png\",\"width\":1234,\"height\":73},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AADSTS50146: This application is required to be configured with an application-specific signing key\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting Toolbox\",\"description\":\"Debug the World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AADSTS50146: This application is required to be configured with an application-specific signing key - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/","og_locale":"en_US","og_type":"article","og_title":"AADSTS50146: This application is required to be configured with an application-specific signing key - \u6781\u7b80IT\uff5cSimpleIT","og_description":"I was testing the sign-in process for the OIDC flow using Postman. It worked fine on the day I set it up, but the next day I encountered an issue and I could not retrieve the ID token anymore. I was getting the following AADSTS50146 error. Then I remembered that I had added an optional [&hellip;]","og_url":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2023-10-27T03:26:26+00:00","og_image":[{"width":1234,"height":73,"url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png","type":"image\/png"}],"author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#article","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/"},"author":{"name":"Ruian Ding","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"headline":"AADSTS50146: This application is required to be configured with an application-specific signing key","datePublished":"2023-10-27T03:26:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/"},"wordCount":157,"publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png","keywords":["SAAS"],"articleSection":["SaaS","Troubleshooting"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/","url":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/","name":"AADSTS50146: This application is required to be configured with an application-specific signing key - \u6781\u7b80IT\uff5cSimpleIT","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png","datePublished":"2023-10-27T03:26:26+00:00","breadcrumb":{"@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#primaryimage","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/10\/image-22.png","width":1234,"height":73},{"@type":"BreadcrumbList","@id":"https:\/\/www.ruianding.com\/blog\/aadsts50146-this-application-is-required-to-be-configured-with-an-application-specific-signing-key\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ruianding.com\/blog\/"},{"@type":"ListItem","position":2,"name":"AADSTS50146: This application is required to be configured with an application-specific signing key"}]},{"@type":"WebSite","@id":"https:\/\/www.ruianding.com\/blog\/#website","url":"https:\/\/www.ruianding.com\/blog\/","name":"Ruian's Tech Troubleshooting Toolbox","description":"Debug the World.","publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"alternateName":"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b","name":"Ruian Ding","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","width":284,"height":284,"caption":"Ruian Ding"},"logo":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/"},"description":"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.","sameAs":["https:\/\/www.ruianding.com"],"url":"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/1101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/comments?post=1101"}],"version-history":[{"count":1,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/1101\/revisions"}],"predecessor-version":[{"id":1107,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/1101\/revisions\/1107"}],"wp:attachment":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/media?parent=1101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/categories?post=1101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/tags?post=1101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}