.NET Core 3.1 - Bearer error="invalid_token", error_description="The audience 'xxxx-xxxx-xxxx-xxxx' is invalid"}

Question

I am getting this error (Bearer error="invalid_token", error_description="The audience 'xxxx-xxxx-xxxx-xxxx' is invalid"}) when attempting to access information from a registered API. The audience is the clientId of the registered API in Azure ADB2C. I have inspected the access token and it also has the same value against the aud key of the token.

My startup configuration is as follows in the app hosting the API:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)                
                .AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"));

The web app calling the API has the following setup in the startup configuration

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme);
                services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd")
                    .EnableTokenAcquisitionToCallDownstreamApi(ScopeConstants.SCOPES)
.AddDistributedTokenCaches();

Answer 1

I have managed to get a solution on this though it has no direct correlation with the basic AzureAd parameters setup. I had the the following lines of code in my startup configuration. After removing them, the error disappeared.

services.AddControllersWithViews(options =>
            {
                var policy = new AuthorizationPolicyBuilder()         
                    .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                    
                    .RequireScope(Configuration["AzureAd:Scopes"])
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
            });