I tried different ways to get an Azure AD token using a pfx certificate.
But the code below is persistently returning this error:
Error: secretOrPrivateKey must be an asymmetric key when using RS256
I also tried using @azure/keyvault-certificates and azure/identity, then genrating .pem files with open ssl, and in that case I also get the same error.
const axios = require('axios');
const fs = require('fs');
const path = require('path');
const https = require('https');
const qs = require('querystring');
const jwt = require('jsonwebtoken');
const certPath = path.join(__dirname, 'certificate.pfx');
const certBuffer = fs.readFileSync(certPath);
const tokenEndpoint = 'https://login.microsoftonline.com/my-tenant-id/oauth2/token';
const clientId = 'my-app-id';
const tokenPayload = {
aud: tokenEndpoint,
iss: clientId,
sub: clientId,
jti: Math.random().toString(36).substring(7),
nbf: Math.floor(Date.now() / 1000),
exp: Math.floor(Date.now() / 1000) + 3600,
};
const tokenOptions = {
algorithm: 'RS256',
};
const clientAssertion = jwt.sign(tokenPayload, certBuffer, tokenOptions);
console.log('Client Assertion:', clientAssertion);
const postData = {
grant_type: 'client_credentials',
client_id: clientId,
resource: 'resource',
client_assertion: clientAssertion,
client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
};
const axiosConfig = {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
httpsAgent: new https.Agent({
pfx: certBuffer,
passphrase: '',
rejectUnauthorized: true,
}),
};
async function getToken() {
try {
const response = await axios.post(tokenEndpoint, qs.stringify(postData), axiosConfig);
const token = response.data.access_token;
console.log('Token:', token);
return token;
} catch (error) {
console.error('Error:', error.message);
if (error.response) {
console.error('Error response from Azure AD:', error.response.data);
}
throw error;
}
}
getToken().then(token => {
console.log('Token:', token);
}).catch(err => {
console.error('Failed to obtain token:', err);
});