Invalid Resource Error for Scope 'api://AzureADTokenExchange' with Unexpected Addition of './default' #2796

@gladjohn

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

2.18.0

Web app

Sign-in users and call web APIs

Web API

Protected web APIs (validating tokens)

Token cache serialization

Not Applicable

Description

string msiToken = new ManagedIdentityClientAssertion(msiClientId).GetSignedAssertion(CancellationToken.None).Result;

fails with,

{"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named api://AzureADTokenExchange./default was not found in the tenant named bea21ebe-8b64-4d06-9f6d-6a889b120a7c. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 11bd6df9-328d-43b3-b930-f72d3caf0a00 Correlation ID: 8fbda31f-14a8-4bdc-8d80-55d74b58bdb0 Timestamp: 2024-04-24 17:54:15Z","error_codes":[500011],"timestamp":"2024-04-24 17:54:15Z","trace_id":"11bd6df9-328d-43b3-b930-f72d3caf0a00","correlation_id":"8fbda31f-14a8-4bdc-8d80-55d74b58bdb0","error_uri":"

Reproduction steps

Try to acquire a token using

string msiToken = new ManagedIdentityClientAssertion(msiClientId).GetSignedAssertion(CancellationToken.None).Result;

Error message

No response

Id Web logs

No response

Relevant code snippets

string msiToken = new ManagedIdentityClientAssertion(msiClientId).GetSignedAssertion(CancellationToken.None).Result;

Regression

2.17.5

Expected behavior

Should get a token.
