Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error invalid_token - The audience is invalid

See original GitHub issue


The front authentication is well but when I request the backend I have a 401 response with :

www-authenticate Bearer error=“invalid_token”, error_description=“The audience ‘xxxxxxx’ is invalid”

This issue is for the sample

    - [ ] 1-1) Sign-in with Azure AD
    - [ ] 1-2) Sign-in with Azure AD B2C
    - [ ] 2-1) Acquire a Token and call Microsoft Graph
    - [x ] 3-1) Protect and call a web API on Azure AD
    - [ ] 3-2) Protect and call a web API on Azure AD B2C
    - [ ]   4) Deploy to Azure Storage and App Service
    - [ ] 5-1) Call a web API using App Roles
    - [ ] 5-2) Call a web API using Security Groups
    - [ ] 6-1) Call a multi-tenant web API
    - [ ] 7-1) Call Microsoft Graph using on-behalf-of flow
    - [ ] 7-2) Call a web API using Proof of Possession tokens

This issue is for a

    - [ ] bug report -> please search issues before submitting
    - [ x] question
    - [ ] feature request
    - [ ] documentation issue or request

Minimal steps to reproduce

I just followed the steps. The only modification is that I updated azure/msal-angular (2.0.0-beta.6) and @azure/msal-browser (2.14.2)

Any log messages given by the failure

Here is my token { “aud”: “xxxxxxxxx”, “iss”: “”, “iat”: 1622482003, “nbf”: 1622482003, “exp”: 1622485903, “aio”: “AVQAq/8TAAAApcE99DC5d8+fiGXeX+4YQiGQk2LRAkoW0/2ef6TjiO9eFSxeWuF4+GL4awP6FUtCGFN89WltByAUrmjhuOASSNT9TXUU+wzhGN0siQXU5pc=”, “azp”: “c8919a3e-aaaa-42c0-b573-533e717bacb8”, “azpacr”: “0”, “name”: “LOUANDRE Gwenael”, “oid”: “d7bbb0e4-2dd3-4c76-9160-uuuuuu”, “preferred_username”: “”, “rh”: “0.AQUAMhhzmNpARkWSA_aDkIAAUT6akciqqsBCtXNTPnF7rLgFAHY.”, “scp”: “access_as_user”, “sub”: “BomEbk_RNwYiVRKpjPfANmUhtFzkj3kCef1qMH0iatU”, “tid”: “98731832-40da-4546-9203-f68390800051”, “uti”: “MqVE0aYsTEautUNWTdMhAQ”, “ver”: “2.0” }

Browser and version

Chrome, Firefox

I found several posts on stackoverflow about that problem but no one corrects the problem. What am I doing wrong? Thanks! We’ll be in touch soon.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

gwenael-louandrecommented, Jun 2, 2021

Thanks! That was my problem. I mixed two projects I worked at the same time. On the other hand, I have a question about one step in demo. In the Register the client app (msal-angular-spa) paragraph after creating the client app, I added a single page application platform in the ‘Authentication’ Azure menu. I think if we don’t declare this kind of platform the msal-angular doesn’t work. Am I wrong?

derisencommented, Jun 7, 2021

Closing, let us know if you need further help

Read more comments on GitHub >

github_iconTop Results From Across the Web

The audience is invalid error - jwt - Stack Overflow
In My (e.g. MVC) client as custom Scope. In API application as ApiName; In IdentityServer Clients configuration as AllowedScope; In API ...
Read more >
Invalid token: "The audience' is invalid" - Auth0 Community
When calling the api with session.idToken it returns with an error of Bearer error="invalid_token",error_description="The audience '<client id>' ...
Read more >
Error authenticating with JWT config due to: audience is invalid
Salesforce uses the username (the sub parameter in the JWT payload) to determine which org to authenticate against. The help for that sfdx ......
Read more >
Active Directory Authenticate API Application using Token ...
I am getting this error. Bearer error="invalid_token", error_description="The audience 'api://a70639ed-6587-43f0-86a7-9d0e2fda5fff' is invalid".
Read more >
Always invalid token #207 - AzureAD/microsoft-identity-web
Bearer error="invalid_token", error_description="The audience '63ee4227-xxxx-xxxx-xxxx' is invalid". The audience GUID is the clientID of my ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found