Hi @Brian Cress ,
Welcome to Microsoft Q&A forum.
Could you please try below if this helps.
- Navigate to Azure Active Directory > App Registrations > click on your app > API Permissions > +Add a permission > click on Azure Service Management > Delegated permissions > select checkbox for user_impersonation permission > Grant Admin consent.
-
In your code, instead of using "api://{clientId}/access_as_user"
, use https://management.azure.com/user_impersonation
scope.
Additionally, take a look at [https://stackoverflow.com/questions/34384409/azure-the-access-token-has-been-obtained-from-wrong-audience-or-resource if this helps.
If this answers your query, do click Accept Answer
and Up-Vote
for the same. And, if you have any further query do let us know.