![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 87%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,664 questions
Hi @SumitA • Thank you for reaching out.
This error occurs when the access token is acquired for a given resource/api but being consumed by different resource/API.
For example, if you acquire a token with audience https://vault.azure.net (Azure Key Vault) and you pass it as a bearer token while making a graph call, you will get Invalid audience error. You can check the audience by decoding your access token at https://jwt.ms
To resolve this error, you need to make sure the audience in the token is https://graph.microsoft.com by using scope: https://graph.microsoft.com/.default during your token acquisition call and make sure below permissions are consented under the application whose client ID you are using during token acquisition call.
- User.Invite.All
- User.ReadWrite.All
- Directory.ReadWrite.All
To provide consent, you need to navigate to:
Azure Portal > Azure Active Directory > App Registration > search the application using client ID > API Permissions > Add Permission > Select Microsoft Graph API > Delegated Permissions (If you are using user context) or Application Permission (If you are using Application/servicePrincipal context) and select above permissions > once permissions are added click on grant admin consent button.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 49%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 44%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)