Problem when I call a GET request with an AZURE token. InvalidAuthenticationTokenAudience

Copper Contributor

I have a .NET desktop application where I login with my Microsoft account (username and email). When I do that, I obtain an access token. Then, I want to display in the CONSOLE the list of subscriptions I have activated in that account. I am using a GET REQUEST, which is the only thing I have found in the documentation of Azure SDK for .NET developers.

class Program

        public static string clientId = "XXXXXXXXXXXXXXXXXXXXXX";
        public static string tenantId = "XXXXXXXXXXXXXXXXXXXXXX";

        public static IPublicClientApplication PublicClientApp;

        static void Main(string[] args)



        static async Task GetATokenForGraph()
            var options = new PublicClientApplicationOptions();
            options.ClientId = clientId;
            options.AzureCloudInstance = AzureCloudInstance.AzurePublic;
            options.TenantId = tenantId;

            PublicClientApp = PublicClientApplicationBuilder.CreateWithApplicationOptions(options)

            var _scopes = new string[] { $"api://{clientId}/access_as_user" }.AsEnumerable();
            var authResult = await PublicClientApp.AcquireTokenInteractive(_scopes)

            Console.WriteLine("Username: " + authResult.Account.Username);
            Console.WriteLine("Environment: " + authResult.Account.Environment);
            Console.WriteLine("Scope: " + authResult.Scopes.FirstOrDefault());
            var httpClient = new HttpClient();

            httpClient.DefaultRequestHeaders.Authorization = AuthenticationHeaderValue.Parse(authResult.CreateAuthorizationHeader());
            const string environmentsUri = "";

            var response = httpClient.GetAsync(environmentsUri).Result;

            var content = response.Content.ReadAsStringAsync().Result;
            Console.WriteLine("\nContent HTTP request:\n");


However, when I execute the code and I print the content, I get this error:

{"error":{"code":"InvalidAuthenticationTokenAudience","message":"The access token has been obtained for wrong audience or resource 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'. It should exactly match with one of the allowed audiences '','','',''."}}


I did all the steps to register my application as in


0 Replies