Azure EasyAuth with B2C and downstream appservices


I have two Container Apps on Azure, one hosting a web app (proxy), the other an API that the proxy uses, and this will eventually have an app pointing to it.

I have configured my B2C tenant with custom policies like in the docs. I went this route because I needed multi-tenant Azure AD support.

I can log into my front end and read the claims correctly from my proxy, but how do I access the API as the current user?

I have exposed an API in my app service and added the permission to the web app service.

When testing in Azure and using jwt.ms, I select the API as a resource with the openid and user-impersonation scopes.

This token cannot be validated because of the audience.

However, when I remove the openid scope I get a valid token that can then call the API.

How do I force this behaviour in easy auth?

There is 1 answer

Steve On

I found this answer which helped me solve the issue.

I added my user-impersonation scope as it is in B2C; this included the access token for the API in the headers.
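
To see why an API rejects a token "because of the audience", as described in the question, this added example (not part of the original post or answer) decodes a token's claims and reports `aud` and scope mismatches. The application IDs and sample tokens are constructed placeholders, the scope name is taken from the question, and the `aud`/`scp` claim names are assumed to be what the API validates.

```python
import base64
import json

def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_problems(token: str, api_client_id: str, required_scope: str) -> list:
    """List the reasons the API would reject this token on aud/scp grounds."""
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if api_client_id not in audiences:
        problems.append(f"aud is {aud!r}, API expects {api_client_id!r}")
    # Assumption: granted scopes arrive space-separated in the 'scp' claim.
    if required_scope not in claims.get("scp", "").split():
        problems.append(f"scope {required_scope!r} missing from scp")
    return problems

def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo (constructed, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Placeholder application IDs (constructed, not from the page).
WEB_APP_ID = "11111111-1111-1111-1111-111111111111"
API_APP_ID = "22222222-2222-2222-2222-222222222222"
# A token issued for the web app versus one issued for the API.
ID_TOKEN = _constructed_token({"aud": WEB_APP_ID, "sub": "user-1"})
ACCESS_TOKEN = _constructed_token(
    {"aud": API_APP_ID, "scp": "user-impersonation", "sub": "user-1"})

if __name__ == "__main__":
    for name, tok in (("id token", ID_TOKEN), ("access token", ACCESS_TOKEN)):
        print(name, audience_problems(tok, API_APP_ID, "user-impersonation") or "ok")
```

The check is for troubleshooting which token ended up in the request; the API itself must still validate the signature, issuer and expiry before trusting any claim.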