[Question] B2C Invalid token, audience is invalid

[RhomGit]

Which version of Microsoft Identity Web are you using?
Microsoft Identity Web 1.16.0

Where is the issue?

• Web API
  • Protected web APIs (validating tokens)

Is this a new or an existing app?
c. This is a new app or an experiment.

I have a desktop App and I am trying to secure an API. Both API and App are registered in Azure.
jwt.ms reports that the audience in the token is the same as the one being reported by Postman as being incorrect:
Bearer error="invalid_token", error_description="The audience '89da34ef-desktop-app-id' is invalid"

Any idea why the audience is being reported as incorrect?

[RhomGit]

As per this doc https://github.com/AzureAD/microsoft-identity-web/wiki/web-apis I have updated ConfigureServices to just:
services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAdB2C");

As per this doc https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-app-registration I have checked and:
accessTokenAcceptedVersion = 2

I have triple-checked and the client app has access to the API:

[jmprieur]

@RhomGit
What scopes are you asking in the client? (desktop app)?

[RhomGit]

Hi @jmprieur , thanks for your response.

Also for completeness the controller isn't checking scopes yet (commented out). I don't think the request actually hits the controller.

[RhomGit]

Update: after looking at jwt.ms I notice that MSAL isn't returning the scopes in the token.
I have no idea why this is.

I have raised a ticket here: AzureAD/microsoft-authentication-library-for-dotnet#2856