Hi @Saivenkat Mahendrakar
I realize that when you have added <Custom Scope> in the token request it is working fine, but you are facing an issue passing multiple APIs that works for both Microsoft Graph API and Custom API for further validation,
If the permissions required for accessing both APIs are missing, there is a possibility that the token might not have the right permissions for both Graph and custom APIs. Ensure you have added and configured the necessary custom scopes under the "Expose an API" section for your custom API along with the required permissions.
Since the aud in the access token reflects both the Microsoft Graph API audience and your custom API audience, you need to make sure that when you expose your custom API, you assign it an audience (an Application ID URI) which needs to be a part of aud claim. Also, ensure the correct code flow configuration is selected after making the changes.
Azure AD application ->Select API Permissions -> Add a permission -> My APIs ->Select the web API you registered as part of the scope name (search with application_id it will shows scopes) -> select delegated permissions -> click on add permissions ->As an admin, you can also grant consent on behalf of all users, so they're not prompted to do so.
Hope this helps. Do let us know if you have any further queries.
Thanks,
B. Siri Chandana.