I have created a Web API secured with Azure Active Directory. I need to test this now and am trying to use Fiddler with an authorization header. I am trying to generate the token wit
Problem
After implementing the instructions found in this Protected web API: Code configuration article, I received an error message similar to the OP's:
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience is invalid"
The problem turned out to be my AzureAd > ClientId setting in my appsettings.json file.
Solution
I updated the appsettings.json file of my ASP.NET Core Web API app so that the ClientId setting used the "Application ID URI" found in portal.Azure.com under my App Registration > "Expose An API" section.
The section in appsettings.json looks similar to this:
    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "TenantId": "XXXXXXXX-XXXXX-XXXXX-XXXXX-XXXXXXXXXX",
        // ClientId = Portal.Azure.com > App Registration > Expose an API > "Application ID URI"
        "ClientId": "api://XXXXX-XXXXXX-XXXXX-XXXX-XXXXXXXXX"
    }
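
To see which audience a token actually carries before editing appsettings.json, the following added example (not part of the original answer) decodes the token's aud claim and compares it with the configured ClientId value. The function names, the sample token and the all-zero GUID are constructed for illustration, and the signature is not verified, so this is for diagnosis only.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(aud) -> str:
    """Build a constructed sample token for the demo (not a real Azure AD token)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"aud": aud, "iss": "https://issuer.example/"}).encode())
    return f"{header}.{payload}.constructed-signature"


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_audience(token: str, configured: str) -> dict:
    """Compare the token's aud claim with the configured AzureAd ClientId value."""
    aud = jwt_claims(token).get("aud")
    token_auds = aud if isinstance(aud, list) else [] if aud is None else [aud]
    if configured in token_auds:
        verdict = "match"
    elif any(a.removeprefix("api://") == configured.removeprefix("api://")
             for a in token_auds):
        # The case from the answer above: bare GUID on one side,
        # "api://..." Application ID URI on the other.
        verdict = "differs only by api:// prefix"
    else:
        verdict = "mismatch"
    return {"token_aud": token_auds, "configured": configured, "verdict": verdict}


if __name__ == "__main__":
    app_id = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    token = make_sample_token(f"api://{app_id}")
    print(check_audience(token, app_id))
    print(check_audience(token, f"api://{app_id}"))
```
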