@IB Product Thanks for reaching out. Can you please confirm if the issue is specific to a particular user? Assuming that you have passed the right value and already validate it to generate the Access Token via API. If not then please revalidate it and let me know if you need any help in validating it.
If the request is correctly built but you are still getting the error then It looks like that user in APIM DB is registered/or it got changed with a different Object ID than the OID in Azure AD. Can you please validate whether the OID in APIM DB is the same as OID in Azure AD.
If the OID value is different then I will suggest you to update the user identity in the APIM DB with the new OID that you see in Azure AD. APIM admin can use Create or Update REST API to update the user identity in the APIM DB. That will essentially migrate the user (including all their subscription keys etc.).
{
"properties": {
"email": "<<youruseremailID>>",
"identities": [
{
"provider": "Aad",
"id": "<<same OID from azure AD>>"
}
]
}
}