Hi Shubhank - Thanks for reaching out.
There are couple of options to explore for this exception:
- Verify what's the audience used for generating the token? Please verify it to be from storage.azure.com and then test it ahead.
- SPN is gaining token from same tenant where the storage account is hosted. This can also cause issue with validation of the token when presented to storage.
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.