Hi @Robert Desbiens ,
This error typically occurs due to issues with the claims mapping or expired policies. When users modify the token contents through claims-mapping policies, the application must know that tokens have been modified by the users rather than an attacker, so acceptMappedClaims needs to be set to "true" in the application manifest. If the signInAudience is AzureADandPersonalMicrosoftAccount, the value of accessTokenAcceptedVersion must be 2 and acceptMappedClaims should be "true" for single-tenant apps.

```json
"acceptMappedClaims": true,
"accessTokenAcceptedVersion": 2,
```
This is documented here: https://video2.skills-academy.com/en-us/entra/identity-platform/reference-app-manifest#accesstokenacceptedversion-attribute
Also, make sure that you can authorize the JWT token (AddAuthentication().AddJwtBearer in ConfigureServices).
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.
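As an added illustration of the last point (this is example code, not part of the answer above or of any Microsoft sample), the following ConfigureServices shows a JWT bearer setup that validates v2.0 tokens, which is what an app with accessTokenAcceptedVersion = 2 receives. The tenant ID and client ID are placeholders you must replace; the authority and issuer format assumes the Microsoft Entra v2.0 endpoint.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    // Placeholder values: replace with your tenant ID and the API app's client ID.
    private const string TenantId = "00000000-0000-0000-0000-000000000000";
    private const string ClientId = "11111111-1111-1111-1111-111111111111";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // v2.0 authority: metadata and signing keys are discovered from here.
                options.Authority = $"https://login.microsoftonline.com/{TenantId}/v2.0";

                // With accessTokenAcceptedVersion = 2 the "aud" claim is the client ID
                // (not the api:// Application ID URI used by v1.0 tokens).
                options.Audience = ClientId;

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // Reject tokens from other tenants or from the v1.0 issuer.
                    ValidateIssuer = true,
                    ValidIssuer = $"https://login.microsoftonline.com/{TenantId}/v2.0",
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                };
            });

        services.AddAuthorization();
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        // Authentication must run before authorization, otherwise [Authorize]
        // endpoints return 401 even for valid tokens.
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

If the manifest still has accessTokenAcceptedVersion set to null or 1, the token's issuer will be https://sts.windows.net/{tenantId}/ and its audience the Application ID URI, so the validation above fails; keeping the manifest setting and this configuration in agreement is the check to make first.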