Problem with Azure AD JWT - solved
I have an API and a client registered for authorization on Azure AD. When making a call to an endpoint which has the Authorize attribute on, I'm getting a 401 Unauthorized response. I think the problem is, I'm using the wrong clientid/ResourceId combination when acquiring the token (I get a token but it's invalid) - anyone know which clientid/ResourceId I should be using when requesting the token? On the API registration in Azure the values are:
ClientId: "0efb6359-0d88-4196-9f53-054b042b2ae1",
Instance: "https://login.microsoftonline.com/",
ResourceId: "api://0efb6359-0d88-4196-9f53-054b042b2ae1/.default", // this should be 41eeebbd-ea7f-4f49-a936-1624b6cb9c72
TenantId: "90fff3ee-9a7c-4eb1-8259-4d8c6bf6ca90"

and the client:

ClientId: "41eeebbd-ea7f-4f49-a936-1624b6cb9c72",
Instance: "https://login.microsoftonline.com/",
ResourceId: "api://0efb6359-0d88-4196-9f53-054b042b2ae1/.default", // this should be 41eeebbd-ea7f-4f49-a936-1624b6cb9c72
TenantId: "90fff3ee-9a7c-4eb1-8259-4d8c6bf6ca90"

I'm confused ;) I've tried swapping out the clientid/ResourceId, but to no avail. Hope this makes sense.

Edit: I figured it out. You have to put the clientid of the Client in the resourceid of the API.
Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming “Wow! What a Ride!” - Hunter S Thompson - RIP
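
A 401 of the kind described in the post above can be narrowed down by reading the claims in the issued token and comparing them with what the API is configured to accept. The script below is an added example, not part of the original post: it assumes the API checks the token's `aud`, `iss` and `exp` claims, and the IDs and sample token are constructed placeholders rather than values issued by Azure AD.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def diagnose(token, accepted_audiences, tenant_id, now=None):
    """Return the reasons an API would reject this token on claims alone."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if not any(a in accepted_audiences for a in auds):
        problems.append(f"aud {aud!r} not in accepted audiences {sorted(accepted_audiences)}")
    if tenant_id not in str(claims.get("iss", "")):
        problems.append(f"iss {claims.get('iss')!r} is not for tenant {tenant_id}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed placeholder values, not the IDs from the post.
API_AUDIENCE = "api://00000000-0000-0000-0000-000000000001"
TENANT = "00000000-0000-0000-0000-0000000000aa"
SAMPLE = make_sample_token({
    "aud": API_AUDIENCE,
    "iss": f"https://sts.windows.net/{TENANT}/",
    "exp": 2_000_000_000,
})

if __name__ == "__main__":
    for accepted in ({API_AUDIENCE}, {"00000000-0000-0000-0000-000000000002"}):
        print(sorted(accepted), "->", diagnose(SAMPLE, accepted, TENANT, now=1_700_000_000) or "claims OK")
```

The decoder skips signature verification on purpose, so it is only suitable for inspecting a token you obtained yourself; the API must still validate the signature.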