Access token validation failure. Invalid audience
Andrew Henderson
I need help with this error. I am getting: "message": "Access token validation failure. Invalid audience."
I am using the Authorisation code grant type in OAuth. I have mapped custom claims to the app using an Azure AD policy. So if I use scope = AppId/.default, then I get the custom claim in the token, plus the scopes the app has API permission for in Azure AD, such as user.read and directory.read. But with this, when I call the Graph API for a user profile to see a member of "", I get the error "Invalid audience".
However, if I use scope = , then I am able to query, though the custom claim that is mapped to the app does not come up.
Any help would be appreciated.
1 Answer
Tokens can only have one audience, which controls which API they grant access to. The token for your app/API cannot be used for Graph. It isn't clear what your exact scenario is here, but if you're calling Graph from your app/API, you may want to look at the on-behalf-of flow to exchange your first token for a Graph token.
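The single-audience rule the answer describes, as an added example that is not part of this thread or of Microsoft's code: a resource server validating a bearer token must reject one whose `aud` claim names a different API, which is exactly what produces the error quoted in the question. A constructed HS256 demo key stands in for the tenant's real RS256 signing keys, and the `api://` app ID URI is a placeholder.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key: a real resource server checks the issuer's RS256
# signature against the tenant's published JWKS, not a shared HMAC secret.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
GRAPH_AUD = "https://graph.microsoft.com"
MY_API_AUD = "api://00000000-0000-0000-0000-000000000000"  # placeholder app ID URI

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(aud: str, scp: str, key: bytes = DEMO_KEY) -> str:
    """Mint a constructed HS256 token carrying the given audience and scopes."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"aud": aud, "scp": scp, "exp": int(time.time()) + 600}
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def validate_token(token: str, expected_aud: str, key: bytes = DEMO_KEY) -> dict:
    """Verify signature, expiry and audience; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("Malformed token")
    header, payload, sig = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("Invalid signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) < time.time():
        raise ValueError("Token expired")
    # A token minted for api://<app-id> is well-formed and signed, just not for Graph.
    if claims.get("aud") != expected_aud:
        raise ValueError("Access token validation failure. Invalid audience.")
    return claims

def graph_accepts(token: str) -> bool:
    """True if the token would pass a Graph-style audience check (demo logic)."""
    try:
        validate_token(token, GRAPH_AUD)
        return True
    except ValueError:
        return False
```

A token requested with `AppId/.default` carries your own API's audience and is rejected by the Graph check above even though its signature is valid; the on-behalf-of flow exists to exchange it for a second token whose `aud` is Graph.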