Getting IDX10205 when accessing backend api from frontend

Question

I'm trying to set up a frontend React app service and a backend Node app service, which both require authentication, according to this tutorial . I've followed the steps except that I needed to set "loginParameters": ["response_type=code id_token", "scope=openid api://<backend app id>/user_impersonation"] instead of additionalLoginParams since my app uses auth v2.

When my frontend app calls my backend api I get the following error

{"code":401,"message":"IDX10205: Issuer validation failed. Issuer: '[PII is hidden]'. Did not match: validationParameters.ValidIssuer: '[PII is hidden]' or validationParameters.ValidIssuers: '[PII is hidden]'."}

I don't know how to debug this as the useful information in the response is hidded and I can't find a way to show it when using Node. I have inspected the token and the issuer is https://sts.windows.net/<tenant id>/ , but I don't know what's expected or how to set ValidIssuer.

What I do for authentication code-wise is calling /.auth/me from frontend after login to receive an access token and this token is passed to the backend api in the header as Authentication: Bearer <access_token> . I'm expecting Azure to handle everything else according to the settings made in the linked tutorial. Is this correct?

How can I debug this issue?

EDIT

This is how the Expose an API page of backend app registration looks.

This is the data of my access token.

Answer 1

Your question has been resolved, post it as the answer to the end of the question.

As I said in the comments, you need to obtain the 2.0 version of the token. So you need to change the accessTokenAcceptedVersion attribute of the application manifest to: "accessTokenAcceptedVersion": 2 .