vcsjones / AzureSignTool

SignTool Library and Azure Key Vault Support
MIT License

error code Forbidden because policy requires use on-behalf-of (OBO) #170

Closed ididitmyway closed 2 years ago

ididitmyway commented 2 years ago

Hi there, I get the error below. Does someone know what I am doing wrong?

I followed the WALKTHROUGH.md https://github.com/vcsjones/AzureSignTool/blob/main/WALKTHROUGH.md

LOG

  Content:
  {"error":{"code":"Forbidden","message":"The policy requires the caller 'appid=9c62...759;oid=339...b9e;iss=https://sts.windows.net/828...a9e/' to use on-behalf-of (OBO) flow. For more information on OBO, please see https://go.microsoft.com/fwlink/?linkid=2152310","innererror":{"code":"ForbiddenByPolicy"}}}

  Headers:
  Cache-Control: no-cache
  Pragma: no-cache
  x-ms-keyvault-region: germanywestcentral
  x-ms-client-request-id: c2f...f51
  x-ms-request-id: b0b...90d
  x-ms-keyvault-service-version: 1.9.472.5
  x-ms-keyvault-network-info: conn_type=Ipv4;addr=1xx.1xx.4x.x;act_addr_fam=InterNetwork;
  X-Content-Type-Options: REDACTED
  Strict-Transport-Security: REDACTED
  Date: Thu, 28 Jul 2022 11:45:55 GMT
  Content-Length: 387
  Content-Type: application/json; charset=utf-8
  Expires: -1

     at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
     at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
     at Azure.Security.KeyVault.Certificates.CertificateClient.GetCertificateAsync(String certificateName, CancellationToken cancellationToken)
     at AzureSignTool.KeyVaultConfigurationDiscoverer.Materialize(AzureKeyVaultSignConfigurationSet configuration) in /_/src/AzureSignTool/KeyVaultConfigurationDiscoverer.cs:line 45

fail: AzureSignTool.SignCommand[0] Failed to get configuration from Azure Key Vault.

[error]Cmd.exe exited with code '-2147024809'.

Finishing: Sign outputted .exe with global AzureSignTool

ididitmyway commented 2 years ago

For me the Walkthrough was not clear enough. I put my Azure App ID in both the "Service Principal" and the "App Authorisation" fields.

But the App Authorisation has to be left unselected!!!! Otherwise this causes the "use on-behalf-of (OBO)" error.
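The same fix expressed as infrastructure code, as an added example that is not part of the issue or of the AzureSignTool project: the portal's "Authorized application" field maps to the `applicationId` property of a Key Vault access policy entry. Setting it turns the entry into a compound-identity policy that Key Vault only honours when the caller arrives via the on-behalf-of (OBO) flow, which is exactly the `ForbiddenByPolicy` response in the log above. A policy that names only the service principal's `objectId` is what a direct client-credential sign-in (the flow AzureSignTool uses) needs. The vault name and object id are placeholders, and the `get`/`sign` permissions are assumed here to be the minimum the tool needs to read the certificate and sign with its key.

```bicep
// Added example, not from the issue or the AzureSignTool project.
// Assumptions: vault name and service principal object id are placeholders;
// certificate 'get' plus key 'sign' are assumed to be the minimum needed.
param vaultName string = 'PLACEHOLDER-VAULT-NAME'
param tenantId string = subscription().tenantId
param signerObjectId string = 'PLACEHOLDER-SERVICE-PRINCIPAL-OBJECT-ID'

resource vault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: vaultName
}

// Correct form: the entry identifies the caller by objectId only.
// There is deliberately no applicationId here. Adding one is the ARM
// equivalent of filling in the portal's "Authorized application" field;
// Key Vault then expects a compound identity (user + app) presented over
// the OBO flow and rejects a plain client-credential token with
// {"code":"Forbidden", "innererror":{"code":"ForbiddenByPolicy"}}.
resource signerPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
  parent: vault
  name: 'add'
  properties: {
    accessPolicies: [
      {
        tenantId: tenantId
        objectId: signerObjectId
        permissions: {
          certificates: [ 'get' ]   // read the certificate (public part)
          keys: [ 'sign' ]          // sign with the non-exportable private key
        }
      }
    ]
  }
}

// Broken form, shown for contrast (do not deploy):
//   {
//     tenantId: tenantId
//     objectId: signerObjectId
//     applicationId: '<app id>'   // <-- "Authorized application"; forces OBO
//     permissions: { certificates: [ 'get' ], keys: [ 'sign' ] }
//   }
```

Keeping the policy to `get` on certificates and `sign` on keys also keeps the signing identity least-privileged: it can produce signatures but cannot export, delete or replace the key or certificate.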