Hello @Mark Babayev ,
Thanks for reaching out.
This behavior is to be expected when you try to validate the signature of an access_token which is issued for Microsoft Graph API (https://graph.microsoft.com/). When you get an access token for Graph, it can only be used to consume Microsoft Graph API / Graph. If you have your own web API, you must get another access token (issued to your web API) and send it as bearer, not the Graph one, for validation.
You should not be looking at or trying to validate access tokens for APIs that are not "yours", like those issued for MS Graph API. See these articles for a detailed discussion:
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/609#issuecomment-383877585
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/issues/183#issuecomment-529632013
Hope this helps.
Regards,
Siva Kumar SelvaraJ
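The audience check described in the answer above, as an added example that is not part of the original answer or of any Microsoft library: a web API reads the `aud` claim of an incoming bearer token and rejects tokens issued for Microsoft Graph before attempting signature validation. The function names, the `api://my-web-api` audience and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Audience values that identify Microsoft Graph: the resource URI and its well-known app ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs strip the padding) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def token_audiences(token: str) -> set:
    """Return the 'aud' claim as a set. No signature check: triage only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated segments)")
    aud = _b64url_json(parts[1]).get("aud", [])
    return {aud.rstrip("/")} if isinstance(aud, str) else {a.rstrip("/") for a in aud}


def triage(token: str, my_audiences: set) -> str:
    """Decide what to do with a bearer token before signature validation."""
    try:
        aud = token_audiences(token)
    except (ValueError, TypeError, AttributeError):
        return "reject: malformed token"
    if aud & {a.rstrip("/") for a in my_audiences}:
        # Only now hand the token to a real JWT library for signature,
        # issuer and lifetime validation.
        return "validate: issued for this API"
    if aud & GRAPH_AUDIENCES:
        return "reject: issued for Microsoft Graph, request a token for this API instead"
    return "reject: issued for another resource"


def make_sample(aud) -> str:
    """Build a constructed, unsigned sample token carrying only an 'aud' claim."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'aud': aud})}.c2ln"


if __name__ == "__main__":
    mine = {"api://my-web-api"}  # hypothetical App ID URI of your own API
    for aud in ("https://graph.microsoft.com", "api://my-web-api"):
        print(aud, "->", triage(make_sample(aud), mine))
```

The decoded claims are untrusted until the signature has been verified, so this gate only produces a clear rejection reason and never grants access on its own.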