Hi @fyo
Apologies for the delay in responding. I have tested the setup at my end following this document. I was able to repro the same error:
AADSTS500013: Resource identifier is not provided.
Please verify that you are using the correct metadata endpoint URL. To resolve the error, I have updated the metadata endpoint URL in OpenID Connect for your API resource as below. You can get the metadata endpoint URL by navigating to Endpoints for your AD application.
https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration
Policy:
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <!-- metadata document of the tenant; the signing keys are fetched from its jwks_uri -->
    <openid-config url="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0/.well-known/openid-configuration" />
    <required-claims>
        <!-- the token must be issued for this API: its application (client) ID -->
        <claim name="aud">
            <value>cdd5fcc6-7961-436e-8aa7-c25af82aceee</value>
        </claim>
    </required-claims>
</validate-jwt>
Also, navigate to AD application --> Authentication and verify that the following redirect URL is added:
https://{yourAPIMInstanceName}.developer.azure-api.net/signin-oauth/implicit/callback
Hope the above helps you resolve the issue. Feel free to get back to me if you face any issues.
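As an added illustration, not part of the answer above or of the APIM product, here is a minimal Python stand-in for the validate-jwt policy in that answer. It shows what the policy does with the metadata document (take the jwks_uri and verify the token signature against the advertised key), enforces the required aud claim and expiry, and returns the same 401 response on any failure. Assumptions: Azure AD signs tokens with RS256, but to keep this runnable offline without a third-party crypto library the demo signs and verifies with HS256 and a JWKS "oct" key, so only the signature primitive differs; the discovery document, key set and tokens are constructed for the demo; and, like the posted policy (which has no issuers element), it does not check the iss claim.

```python
"""Added example: a stand-in for the APIM validate-jwt policy (not the product's code).

Assumptions not in the original post:
- HS256/HMAC with a JWKS "oct" key replaces Azure AD's RS256 so the demo runs
  with the standard library only; the claim handling is unchanged.
- DISCOVERY_DOC, JWKS and all tokens are constructed for this demo.
- "iss" is not checked, matching the posted policy, which has no <issuers> element.
"""
import base64
import hashlib
import hmac
import json
import time

EXPECTED_AUD = "cdd5fcc6-7961-436e-8aa7-c25af82aceee"  # API app ID required by the policy
TENANT = "72f988bf-86f1-41af-91ab-2d7cd011db47"          # tenant ID from the policy's openid-config URL
POLICY_FAILURE = (401, "Unauthorized. Access token is missing or invalid.")


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed stand-in for the JSON served at the openid-config URL, reduced to the
# fields the policy needs; jwks_uri is where the signing keys are fetched from.
DISCOVERY_DOC = {
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT}/discovery/v2.0/keys",
}

# Constructed JWKS, as if fetched from DISCOVERY_DOC["jwks_uri"]. Demo HMAC key only.
DEMO_SECRET = b"demo-signing-key-not-a-real-azure-key"
JWKS = {"keys": [{"kty": "oct", "kid": "demo-kid-1", "k": b64url_encode(DEMO_SECRET)}]}


def jwks_uri_from_metadata(doc: dict) -> str:
    """What validate-jwt takes from the metadata document: the key-set location."""
    return doc["jwks_uri"]


def mint_token(claims: dict, key: bytes, kid: str) -> str:
    """Issue a demo HS256 token (the identity-provider side; Azure AD would use RS256)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_jwt(authorization, jwks, required_aud, now=None):
    """Mirror of the policy: returns (200, "OK") or the policy's 401 response."""
    if not authorization or not authorization.startswith("Bearer "):
        return POLICY_FAILURE  # header-name="Authorization": token missing
    parts = authorization[len("Bearer "):].split(".")
    if len(parts) != 3:
        return POLICY_FAILURE
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:  # bad base64url or bad JSON (binascii.Error, JSONDecodeError are ValueErrors)
        return POLICY_FAILURE
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return POLICY_FAILURE
    if header.get("alg") != "HS256":  # never accept "none" or an algorithm the key set does not use
        return POLICY_FAILURE
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid") and k.get("kty") == "oct"), None)
    if key is None:
        return POLICY_FAILURE  # kid not in the key set advertised by the metadata document
    expected = hmac.new(b64url_decode(key["k"]), f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return POLICY_FAILURE  # signature does not match the advertised key
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return POLICY_FAILURE  # expired, or no exp at all
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # RFC 7519 allows a string or an array
    if required_aud not in audiences:
        return POLICY_FAILURE  # <required-claims><claim name="aud"> not satisfied
    return (200, "OK")


if __name__ == "__main__":
    good = mint_token({"aud": EXPECTED_AUD, "exp": int(time.time()) + 600}, DEMO_SECRET, "demo-kid-1")
    print(validate_jwt("Bearer " + good, JWKS, EXPECTED_AUD))
    other = mint_token({"aud": "api://some-other-app", "exp": int(time.time()) + 600}, DEMO_SECRET, "demo-kid-1")
    print(validate_jwt("Bearer " + other, JWKS, EXPECTED_AUD))
```

The second token in the demo is a valid, unexpired token from the same issuer that was minted for a different audience; the aud check is what turns it into a 401, which is why the required-claims block in the policy matters even when the signature verifies.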