I was recently redeploying a provider-hosted SharePoint app from development to production. I had completed the app component of the deployment but hadn’t made any changes to the web component. The updates to the SharePoint app, in this case a new icon image and a more meaningful app title, were successfully deployed and I could see them. I was able to add the app to a site with no problems, but when I tried to run the app and was redirected to the Azure web site I received the following error:
System.IdentityModel.Tokens.SecurityTokenException: Invalid issuer or signature
For the life of me I could not sort out what had happened to cause this error or how to fix it, as everything seemed to have worked correctly with the deployment.
Eventually I worked out what had happened. I had deployed the app from development to production but had not corrected the Client Id and Client Secret to the values that had previously been generated for production. This meant that when the user was redirected to the production Azure web site, the client details in SharePoint, in this case from development, did not match those configured into the associated Azure web site, and the end result was the above error. Once I returned to the Visual Studio solution, corrected the Client Id/Secret in the web.config and the publishing profile, and deployed a new version of the app component, the issue was successfully resolved.
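A pre-deployment check for the mismatch described above, as an added example that is not code from the original post. It assumes the packaged AppManifest.xml carries the Client Id on AppPrincipal/RemoteWebApplication and that web.config holds ClientId and ClientSecret under appSettings; the GUIDs, the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/sharepoint/2012/app/manifest}"

# Constructed sample values, not real identifiers.
DEV_ID = "11111111-1111-1111-1111-111111111111"
PROD_ID = "22222222-2222-2222-2222-222222222222"

def manifest_xml(client_id):
    """Build a minimal constructed AppManifest.xml for the sample run."""
    return (f'<App xmlns="{NS[1:-1]}" Name="SampleApp"><AppPrincipal>'
            f'<RemoteWebApplication ClientId="{client_id}" />'
            f'</AppPrincipal></App>')

def web_config_xml(client_id, secret):
    """Build a minimal constructed web.config for the sample run."""
    return ('<configuration><appSettings>'
            f'<add key="ClientId" value="{client_id}" />'
            f'<add key="ClientSecret" value="{secret}" />'
            '</appSettings></configuration>')

def norm(guid):
    """Compare GUIDs without regard to case, braces or padding."""
    return (guid or "").strip().strip("{}").lower()

def check_deployment(manifest, web_config, expected_id):
    """Return a list of problems; an empty list means the ids line up."""
    app = ET.fromstring(manifest).find(f"{NS}AppPrincipal/{NS}RemoteWebApplication")
    app_id = norm(app.get("ClientId") if app is not None else "")
    settings = {a.get("key"): a.get("value")
                for a in ET.fromstring(web_config).findall("appSettings/add")}
    web_id = norm(settings.get("ClientId"))
    problems = []
    if app_id != norm(expected_id):
        problems.append(f"app package ClientId {app_id or '<missing>'} is not the expected one")
    if web_id != norm(expected_id):
        problems.append(f"web.config ClientId {web_id or '<missing>'} is not the expected one")
    if app_id != web_id:
        problems.append("app package and web.config ClientId differ")
    # Only presence is checked; the secret itself is never printed.
    if not (settings.get("ClientSecret") or "").strip():
        problems.append("web.config ClientSecret is empty")
    return problems

if __name__ == "__main__":
    # The situation from the post: development id in the app, production id on the web site.
    for p in check_deployment(manifest_xml(DEV_ID),
                              web_config_xml(PROD_ID, "constructed-secret"), PROD_ID):
        print("FAIL:", p)
```

Run against the extracted app package and the web.config about to be published, a non-empty result means the redirect to the web site would fail token validation in the way described above.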