How to secure Web API with passport-azure-ad (/w vue-msal)

I want to secure Web API with passport-azure-ad and use bearerStrategy. I follow the example the module has provided and pass metadata and clientId, I always got 401 unauthorized. Here is my configs of passport-azure-ad I provided authorization request header with the access token generated by vue-msal. I also checked the access token’s signature is not valid as well. In addition, I used ID token instead but still 401 unauthorized. In portal /AAD /App registration, I’ve enabled both of implicit grant flowã€accessTokenAcceptedVersion: 2ã€granted admin consent for my subscription in API permissions What else did I missed ? Answer In your

Azure AD authentication failed using idToken or accessToken. Which one should I use?

In the azure active directory documentation it states: idToken: id_tokens are sent to the client application as part of an OpenID Connect flow. They can be sent along side or instead of an access …