Azure-Samples / active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore

An ASP.NET Core web application that authenticates Azure AD users and calls a web API using OAuth 2.0 access tokens.

Invalid access token received. #31

Closed kamalbabu closed 6 years ago

kamalbabu commented 6 years ago

While authenticating against Azure AD, I am receiving an invalid access token. I am expecting an id_token, access_token and refresh_token from my token endpoint.

But while inspecting the tokens, I see that the access_token is not a valid JWT. It is the same as the refresh_token, which means I am unable to use the access_token to access the API resource.

I have a local IdentityServer against which I tried the same code with the corresponding client credentials. To my surprise, the access_token I receive there is a valid JWT, which I can use to access the API resource. Everything works fine.

Following is my startup config for OIDC:

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.ExpireTimeSpan = TimeSpan.FromSeconds(1000);
        options.Cookie.Name = "mvcapplication";
    })
    .AddOpenIdConnect(options =>          // lambda parameter must match the name used below
    {
        options.Authority = "http://localhost:5000/";
        options.ClientId = "mvc";
        options.ClientSecret = "secret";
        options.ResponseType = "code id_token";   // hybrid flow: id_token on the front channel, code exchanged for tokens
        options.ResponseMode = "form_post";
        options.SignInScheme = "Cookies";
        options.CallbackPath = "/Home/Index/";
        options.RequireHttpsMetadata = false;    // dev only: allows the http:// authority above
        options.SaveTokens = true;               // persists id_token/access_token/refresh_token in the auth cookie
        options.GetClaimsFromUserInfoEndpoint = true;

        // Default scopes
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("offline_access");
    });

I am confused as to why Azure AD is giving me an invalid access token. Is this the default behaviour with Azure AD? If so, how can I get API resources?
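Editor's note, added here as a worked example rather than code from the issue author or from this sample: Azure AD mints an access token for your own web API only when that API is named in the request, as a scope on the v2.0 endpoint or as a `resource` on v1.0. With only `openid`, `profile` and `offline_access` requested, the access token the middleware saves is one Azure AD issues for its own userinfo endpoint, and it is not meant to be validated by a third-party API. The block below keeps the hybrid-flow settings from the config above, points `Authority` at Azure AD, adds the API's scope, and adds a post-sign-in check that the saved token is a JWT whose `aud` names the API before the app forwards it. The App ID URI `api://contoso-api`, the scope name `access_as_user`, the tenant and client values, and the helper names are all hypothetical placeholders.

```csharp
// Added example, not the issue author's or the sample's code.
// Assumes the downstream web API is registered in Azure AD with the (hypothetical)
// App ID URI api://contoso-api exposing a delegated scope named access_as_user.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class AzureAdOidcConfig
{
    // Hypothetical identifiers for the downstream API registration.
    public const string ApiAppIdUri = "api://contoso-api";
    public const string ApiScope = ApiAppIdUri + "/access_as_user";

    public static void Configure(IServiceCollection services,
                                 string tenantId, string clientId, string clientSecret)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            options.Cookie.Name = "mvcapplication";
        })
        .AddOpenIdConnect(options =>
        {
            // Azure AD v2.0 authority; metadata must be fetched over HTTPS here.
            options.Authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
            options.ResponseType = "code id_token";
            options.ResponseMode = "form_post";
            options.SaveTokens = true;   // keep tokens so the app can call the API

            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("offline_access");
            // The setting the original config is missing: without a scope naming the
            // API, the access token is issued for Azure AD's userinfo endpoint, not
            // for your API. Requesting the API scope makes 'aud' your API.
            options.Scope.Add(ApiScope);
        });
    }

    // Sanity check before forwarding the saved token to the API. Returns null when
    // the token is a JWT addressed to one of the accepted audiences, otherwise a
    // reason. This does NOT validate the signature; that remains the API's job.
    public static async Task<string> CheckAccessTokenAsync(HttpContext context,
                                                           params string[] acceptedAudiences)
    {
        var token = await context.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(token))
            return "no access_token saved on the session (is SaveTokens = true?)";

        var handler = new JwtSecurityTokenHandler();
        // A userinfo/Graph token or an opaque string fails here: not header.payload.signature.
        if (!handler.CanReadToken(token))
            return "access_token is not a JWS-formatted JWT; request the API's scope";

        var jwt = handler.ReadJwtToken(token);   // parse only, no signature validation
        if (!jwt.Audiences.Any(acceptedAudiences.Contains))
            return $"access_token aud [{string.Join(",", jwt.Audiences)}] does not name the API";

        if (jwt.ValidTo < DateTime.UtcNow)
            return "access_token has expired; use the refresh_token to get a new one";

        return null;
    }
}

// Usage inside a controller action (hypothetical call site):
//   var problem = await AzureAdOidcConfig.CheckAccessTokenAsync(
//       HttpContext, AzureAdOidcConfig.ApiAppIdUri, apiClientId);
//   if (problem != null) { /* log and challenge again */ }
```

Accepting both the App ID URI and the API's client ID as audience covers the two forms Azure AD uses depending on how the API registration is configured; pass whichever values apply to your registration. Comparing the saved `access_token` against the `refresh_token`, as the issue author did, is a quick way to spot the symptom, but checking `aud` is the test that tells you whether the token will be accepted by the API you are about to call.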