IDX10214: Audience validation failed: Message less than clear for Azure Functions
TL;DR: This has nothing to do with audiences; it refers to the Azure Function Authentication’s Identity Provider Client ID. Make sure you supply the one that matches.
We had this recently at a client site. They have an Azure Function that is secured by Azure Active Directory, and when they try to access it from a web application they get:
{
  "code": 401,
  "message": "IDX10214: Audience validation failed. Audiences: '[PII is hidden]'. Did not match: validationParameters.ValidAudience: '[PII is hidden]' or validationParameters.ValidAudiences: '[PII is hidden]'."
}
They don’t use ‘audiences’, so what does it mean?
The call is done via TypeScript, using msal-browser to create a Public Client Application, and looks something like this:
No audiences there, at all.
It took a while, but we finally discovered they had deleted and recreated the Azure Function Authentication, so its App (client) ID had changed. Look at line 13: the client ID is being supplied from a ‘cache-service’, and they hadn’t updated the cache.
So long story short:
Audience = ClientId
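Because the error hides both values behind ‘[PII is hidden]’, the quickest way to confirm this kind of mismatch is to decode the token's aud claim and compare it with the client ID the Function's identity provider currently has. The following is an added example, not code from the original post; the GUIDs, the sample tokens and the function names are constructed for illustration.

```javascript
// Constructed sample values: the client ID still held by the stale cache and
// the one the recreated Azure Function Authentication now expects.
const STALE_CLIENT_ID = "11111111-1111-1111-1111-111111111111";
const CURRENT_CLIENT_ID = "22222222-2222-2222-2222-222222222222";

// Decode the payload (middle segment) of a compact JWT.
// Diagnostic only: the signature is NOT verified here.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT (expected 3 dot-separated segments)");
  }
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Compare the token's aud claim (string or array) with the audiences the
// Function's identity provider accepts. Exact string match, no normalisation.
function diagnoseAudience(token, allowedAudiences) {
  const { aud } = decodeJwtPayload(token);
  const tokenAudiences = Array.isArray(aud) ? aud : aud === undefined ? [] : [aud];
  const ok = tokenAudiences.some((a) => allowedAudiences.includes(a));
  return { tokenAudiences, allowedAudiences, ok };
}

// Build an unsigned, constructed token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj), "utf8")
      .toString("base64")
      .replace(/\+/g, "-")
      .replace(/\//g, "_")
      .replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Token requested with the stale client ID versus one requested with the current ID.
const staleToken = makeSampleToken({ aud: STALE_CLIENT_ID, sub: "user" });
const freshToken = makeSampleToken({ aud: CURRENT_CLIENT_ID, sub: "user" });

for (const [label, token] of [["stale", staleToken], ["fresh", freshToken]]) {
  const result = diagnoseAudience(token, [CURRENT_CLIENT_ID]);
  console.log(
    `${label}: aud=${JSON.stringify(result.tokenAudiences)} ` +
      `expected=${JSON.stringify(result.allowedAudiences)} ` +
      (result.ok ? "match" : "MISMATCH (would produce IDX10214)")
  );
}
```

Paste a real access token in place of the constructed ones and pass the identity provider's current App (client) ID to see which value the web application was actually issued a token for.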