Power Pages - General Discussions

Portal auth token validation failed with the public key

Hi, I created a self-signed certificate and added it in the Power Platform admin center using the following commands:
 
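# Subject/DNS name and PFX password for the certificate
$certificateName = "powerpages.yourdomain.com"
$certPassword = ConvertTo-SecureString -String 'YourStrongPassword123!' -Force -AsPlainText

# Create a self-signed RSA 2048 / SHA-256 signing certificate with an exportable private key
$certificate = New-SelfSignedCertificate `
    -Type Custom `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -DnsName $certificateName `
    -Subject "CN=$certificateName" `
    -KeyLength 2048 `
    -KeyAlgorithm RSA `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(5) `
    -KeyExportPolicy Exportable `
    -KeySpec Signature

# Thumbprint of the new certificate, needed to locate it in the store for export
$thumbprint = $certificate.Thumbprint

# Export the certificate with its private key as a password-protected PFX
Export-PfxCertificate `
    -Cert "Cert:\CurrentUser\My\$thumbprint" `
    -FilePath "C:\certificates\powerpages.pfx" `
    -Password $certPassword `
    -CryptoAlgorithmOption TripleDES_SHA1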

But the generated token from '/_services/auth/token' failed the signature verification from the public key at '/_services/auth/publickey' when I checked on the jwt.io website.

I am not sure what I am doing wrong.

I found this thread, which says self-signed certificates can be used to call an external API.
https://community.powerplatform.com/forums/thread/details/?threadid=b28c273a-6550-4c9a-a603-39e59407fcb9

Any help would be appreciated.
Thanks
  • Suggested answer
    sannavajjala87
    Hi,
     

    The issue is not with the Power Pages token service itself—it’s with the self-signed certificate you created. Here’s why:

    • Power Pages uses Azure Active Directory (AAD) and OpenID Connect for token signing.
    • The /auth/token endpoint issues tokens signed by Microsoft identity platform keys, not your custom certificate.
    • Adding a self-signed certificate in Power Platform Admin Center is for custom domain SSL binding, not for signing JWT tokens.

    So, the public key at /auth/publickey will never match your self-signed certificate because the token is not signed with it.

    How to Call External APIs Securely:

    If your goal is to call an external API from Power Pages:

    Use OAuth 2.0 or Azure AD App Registration
    • Register your external API in Azure AD.
    • Configure client credentials or delegated permissions.
    • Use Power Pages Web API or Liquid templates to acquire tokens.
    Do NOT rely on self-signed cert for JWT
    • Instead, use Azure Key Vault or Managed Identity for secure secrets.
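
To check a token signature locally rather than pasting a token into a third-party website, the following added example (not part of the thread and not Microsoft's code) verifies an RS256 JWT against a PEM public key and shows the result for a matching and a non-matching key. It assumes the token is signed with RS256 and the key is a PEM `PUBLIC KEY` block, neither of which the thread states; the function names, keys and token are constructed for illustration.

```powershell
# Requires PowerShell 7.1+ (RSA.ImportFromPem). All keys and tokens here are constructed samples.
function ConvertFrom-Base64Url([string]$Text) {
    $b64 = $Text.Replace('-', '+').Replace('_', '/')
    $b64 += '=' * ((4 - $b64.Length % 4) % 4)        # restore the padding that JWTs strip
    return ,[Convert]::FromBase64String($b64)        # leading comma keeps the byte[] intact
}
function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function Export-PublicKeyPem([Security.Cryptography.RSA]$Rsa) {
    $b64 = [Convert]::ToBase64String($Rsa.ExportSubjectPublicKeyInfo(),
               [Base64FormattingOptions]::InsertLineBreaks)
    "-----BEGIN PUBLIC KEY-----`n$b64`n-----END PUBLIC KEY-----"
}
function Test-JwtRs256Signature([string]$Token, [string]$PublicKeyPem) {
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { return $false }        # must be header.payload.signature
    $header = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[0])) | ConvertFrom-Json
    if ($header.alg -ne 'RS256') { return $false }   # pin the algorithm, never trust the header
    # The signature covers the raw base64url text "header.payload", not the decoded JSON
    [byte[]]$signedBytes = [Text.Encoding]::ASCII.GetBytes($parts[0] + '.' + $parts[1])
    [byte[]]$signature   = ConvertFrom-Base64Url $parts[2]
    $rsa = [Security.Cryptography.RSA]::Create()
    try {
        $rsa.ImportFromPem($PublicKeyPem)
        return $rsa.VerifyData($signedBytes, $signature,
            [Security.Cryptography.HashAlgorithmName]::SHA256,
            [Security.Cryptography.RSASignaturePadding]::Pkcs1)
    } finally { $rsa.Dispose() }
}

# Constructed sample: one key signs the token, the other stands in for an unrelated key
$signingKey = [Security.Cryptography.RSA]::Create(2048)
$otherKey   = [Security.Cryptography.RSA]::Create(2048)
$head = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes('{"alg":"RS256","typ":"JWT"}'))
$body = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes('{"sub":"sample-contact-id"}'))
$sig  = $signingKey.SignData([Text.Encoding]::ASCII.GetBytes($head + '.' + $body),
            [Security.Cryptography.HashAlgorithmName]::SHA256,
            [Security.Cryptography.RSASignaturePadding]::Pkcs1)
$token = $head + '.' + $body + '.' + (ConvertTo-Base64Url $sig)

Test-JwtRs256Signature $token (Export-PublicKeyPem $signingKey)   # key that signed the token
Test-JwtRs256Signature $token (Export-PublicKeyPem $otherKey)     # key that did not sign it
```

To run the same check on a real token, pass the token string and the text of the published public key to `Test-JwtRs256Signature` in place of the constructed values.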
