So I'm trying to write an application that uses WAAD for authentication and authorization. The authentication part works OK (regardless of some challenges), but I'm having trouble with the Graph API for authorization.
I've read a number of tutorials and examples regarding Graph API usage, but given that there are quite a few moving parts involved, odds are that I got something wrong. Nevertheless, when I try to request a token with AuthenticationContext.AcquireToken, I end up with the following error message:
AAL 0x80100018: Token request from ACS failed. Check ServiceErrorMessage property for service message
And the inner exception message says this:
ACS50027: JWT token is invalid.
Trace ID: 4de99def-7478-4f88-96ef-e949a1a6c8fe
Timestamp: 2012-11-20 06:50:45Z
Now, it's nearly impossible to make anything from that error message. But it does occur to me that the WAAD tenant and ACS tenant don't know anything about each other, unless there's some implicit link between the two. None of the tutorials or examples I've read seem to say anything about configuring them, though, so I'm a bit at loss here.