I am trying to call an Azure AD protected Web Api with the acceptMappedClaims=true in the manifest of the app registration. I'm calling from a console app using ConfidentialClientApplication. Below is the error message.
Microsoft.Identity.Client.MsalServiceException: 'AADSTS501461: AcceptMappedClaims is only supported for a token audience matching the application GUID or an audience within the tenant's verified domains. Either change the resource identifier, or use an application-specific signing key.
If you're planning to use a non-verified-domain-based identifier, then you will get the error you provided.
Below is an example of the manifest changes (AcceptMappedClaims, and an identifier URI matching a verified domain):
{
  "id": "901e4433-88a9-4f76-84ca-ddb4ceac8703",
  "acceptMappedClaims": true,
  "accessTokenAcceptedVersion": null,
  "addIns": [],
  "allowPublicClient": null,
  "appId": "9bcda514-7e6a-4702-9a0a-735dfdf248fd",
  "appRoles": [],
  "oauth2AllowUrlPathMatching": false,
  "createdDateTime": "2019-06-05T17:37:58Z",
  "groupMembershipClaims": null,
  "identifierUris": [
    "https://samajwt.dewi.red"
  ]
}
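The rule behind AADSTS501461 can be checked before the console app ever requests a token. The following pre-flight check is an added example, not code from the question or the answer: it takes a manifest excerpt and the tenant's verified domains (the domain list and the rule that subdomains of a verified domain count as "within" it are assumptions) and reports which identifierUris would be rejected with acceptMappedClaims=true.

```python
import json
from urllib.parse import urlsplit

# Constructed inputs: the manifest excerpt from the answer above and an
# assumed list of the tenant's verified domains (not taken from the page).
MANIFEST_JSON = """{
  "acceptMappedClaims": true,
  "appId": "9bcda514-7e6a-4702-9a0a-735dfdf248fd",
  "identifierUris": ["https://samajwt.dewi.red", "https://api.example.net"]
}"""
VERIFIED_DOMAINS = ["dewi.red", "contoso.onmicrosoft.com"]  # assumed


def host_in_verified_domains(host, verified_domains):
    """True if host equals a verified domain or is a subdomain of one
    (subdomain acceptance is an assumption about the Azure AD rule)."""
    host = host.lower().rstrip(".")
    for domain in verified_domains:
        domain = domain.lower()
        if host == domain or host.endswith("." + domain):
            return True
    return False


def audience_allows_mapped_claims(identifier, app_id, verified_domains):
    """Apply the rule quoted in AADSTS501461: the audience must be the
    application GUID (bare or as api://<guid>) or a URI whose host lies
    within the tenant's verified domains."""
    ident = identifier.strip().lower()
    if ident in (app_id.lower(), "api://" + app_id.lower()):
        return True
    parts = urlsplit(ident)
    # http(s) and api schemes can carry a domain-based audience.
    if parts.scheme in ("http", "https", "api") and parts.hostname:
        return host_in_verified_domains(parts.hostname, verified_domains)
    return False


def rejected_identifier_uris(manifest, verified_domains):
    """Return the identifierUris that would trigger AADSTS501461.
    Nothing is rejected when acceptMappedClaims is not enabled."""
    if not manifest.get("acceptMappedClaims"):
        return []
    app_id = manifest["appId"]
    return [uri for uri in manifest.get("identifierUris", [])
            if not audience_allows_mapped_claims(uri, app_id, verified_domains)]


if __name__ == "__main__":
    bad = rejected_identifier_uris(json.loads(MANIFEST_JSON), VERIFIED_DOMAINS)
    print("identifierUris rejected with acceptMappedClaims=true:", bad)
```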