An error occurs when I login as a service principal to my app: "Token contains invalid claims"

Nikol 0 Reputation points

We have an app registration in AAD with MFA enabled and authentication configured using MSAL.

I've read that it is possible to bypass the MFA if I login as a service principal. I logged in using the Azure CLI tool using the Application (client) ID, Directory (tenant) ID and Secret value. I also used the "--allow-no-subscriptions" flag. I got an access token successfully.

When I try to use our app's API, the following error is returned: "Token contains invalid claims".

What should I do to have access to my app using the service principal? There is a lot of info on the internet about roles within subscription/claims/scopes/resource groups. I am confused.

I would be grateful for your assistance!
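An added diagnostic example (not part of the question and not Microsoft's tooling): before changing any configuration, it helps to look at what the access token actually carries. The script below decodes the JWT payload locally without verifying the signature, purely to inspect claims, and compares the `aud` claim with the audience values the API is assumed to accept. The token, tenant ID, client ID and audience strings are constructed placeholders; the `roles` check assumes the API authorizes service principals via app roles, which is an assumption about the app, not something the question states.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    """Base64url-encode a JSON object without padding (JWT encoding)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def build_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned JWT for local testing only (never a real token)."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "placeholder-kid"}
    return ".".join([_b64url(header), _b64url(payload), "signature-placeholder"])


# Constructed sample resembling what a CLI-issued token may carry when it was
# requested for Azure Resource Manager rather than for the app's own API.
# All identifiers are placeholders.
SAMPLE_PAYLOAD = {
    "aud": "https://management.azure.com/",
    "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "appid": "11111111-1111-1111-1111-111111111111",
    "ver": "1.0",
}
SAMPLE_TOKEN = build_unsigned_token(SAMPLE_PAYLOAD)

# Assumed audience identifiers for the app's API (placeholders).
EXPECTED_AUDIENCES = {
    "api://11111111-1111-1111-1111-111111111111",
    "11111111-1111-1111-1111-111111111111",
}


def decode_claims(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT signature verification.

    Suitable only for looking at claims on your own machine; an API must
    validate the signature, issuer, audience and expiry before trusting any claim.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token_for_api(token: str, expected_aud: set) -> list:
    """Return human-readable findings; an empty list means the claims look usable."""
    claims = decode_claims(token)
    findings = []
    aud = claims.get("aud")
    if aud not in expected_aud:
        findings.append(f"aud is {aud!r}; the API expects one of {sorted(expected_aud)}")
    # Assumption: the API grants service principals access through app roles,
    # which appear in the 'roles' claim once assigned and admin-consented.
    if not claims.get("roles"):
        findings.append("no 'roles' claim: no app role is granted to this service principal")
    return findings


if __name__ == "__main__":
    for line in check_token_for_api(SAMPLE_TOKEN, EXPECTED_AUDIENCES):
        print(line)
```

To run it against a real token, paste the token into `SAMPLE_TOKEN` on a trusted machine and keep the output private, since access tokens are bearer credentials. If the `aud` claim names Azure Resource Manager, the token was issued for a different resource than the app's API; the Azure CLI's `az account get-access-token` accepts `--resource` (or `--scope`) to request a token for a specific API instead of the default.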
