azure-web-app-service azure-identity hosted-blazor-webassembly

How to get Application ID URI formats working


I'm having trouble getting any of the Application ID URIs working. I have a Blazor WebAssembly Hosted application, written in ASP.NET Core 5.0. Using the api://<appId> format is fine, but this doesn't play well with Terraform. I can get my client talking to the server using api://<appId>, so I know the code is working fine. When I swap the Application ID URI to use any of the other formats, such as https://<verifiedCustomDomain>/<string> or api://<tenantId>/<string>, I get a 401 error. I'm using a verified Azure AD domain.

I can see that <string> means, "The string value for the host or the api path segment.", but I'm not sure what that means. I've been testing with <string> set to the name of my App Service and also the name of the App Registration. I've also tried changing the App Registration from Single Tenant to Multitenant (just in case that makes a difference).

Any advice would be much appreciated.


Solution

  • For anyone stumbling upon this, the solution is to make sure to include the Audience within the AzureAD block in appsettings.json.

    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "TenantId": "7867-7866-7687-8678-8678678676",
      "ClientId": "5456-6567-5676-5675-5675757565",
      "Audience": "https://myapp.example.com"
    }
    

    The Application ID URI (within the App Registration - Expose an API section) should be exactly the same as the Audience value.
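An added diagnostic sketch, not part of the original answer: it reads the `aud` claim from an access token and compares it with what the `AzureAd` block would accept, which is the mismatch behind the 401. The function names are hypothetical, the token is constructed, and the fallback to `ClientId` and `api://ClientId` when `Audience` is absent is an assumption consistent with the question's report that `api://<appId>` works without it.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_audiences(jwt: str) -> list[str]:
    """Return the aud claim as a list. Diagnostic only: the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    aud = claims.get("aud", [])
    # RFC 7519 allows aud to be a single string or an array of strings.
    return [aud] if isinstance(aud, str) else list(aud)

def accepted_audiences(azure_ad: dict) -> set[str]:
    # Assumption: with no Audience configured, the API falls back to
    # ClientId and api://ClientId; with Audience set, only that value is used.
    if azure_ad.get("Audience"):
        return {azure_ad["Audience"]}
    return {azure_ad["ClientId"], "api://" + azure_ad["ClientId"]}

def diagnose(jwt: str, azure_ad: dict) -> str:
    got, want = token_audiences(jwt), accepted_audiences(azure_ad)
    # Exact, case-sensitive string match: a trailing slash counts as a mismatch.
    if any(a in want for a in got):
        return "ok"
    return f"401 expected: token aud {got} not in accepted {sorted(want)}"

def make_sample_token(aud) -> str:
    # Constructed sample token with a dummy signature, for demonstration only.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"aud": aud}), "c2ln"])

if __name__ == "__main__":
    cfg = {"ClientId": "5456-6567-5676-5675-5675757565"}  # values from the answer above
    token = make_sample_token("https://myapp.example.com")
    print(diagnose(token, cfg))                                            # mismatch
    print(diagnose(token, {**cfg, "Audience": "https://myapp.example.com"}))  # ok
```
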