
Problems when calling an Azure Function with Azure Active Directory authentication enabled from an Azure Web App

Updated: 2023-02-21 10:02:16

According to your description, I assume that you are using Authentication and authorization in Azure App Service for your Azure Function app.

How authentication works in App Service is described as follows:

Users who interact with your application through a web browser will have a cookie set so that they remain authenticated as they browse your application. For other client types, such as mobile, a JSON Web Token (JWT), which should be presented in the X-ZUMO-AUTH header, is issued to the client. The Mobile Apps client SDKs will handle this for you. Alternatively, an Azure Active Directory identity token or access token may be included directly in the Authorization header as a bearer token.

Based on your scenario, I created my two AAD apps and set the required permission for my web app to access the AAD app of my function app as follows:

And enabled AAD authentication for my Azure Function app as follows:

Then I get the access token by using the following code:

using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL.NET (AuthenticationContext, ClientCredential)
// Client-credential flow: the caller is the web app; its secret must stay server-side
var clientCredential = new ClientCredential("{clientId-for-my-web-app}", "{clientSecret-for-my-web-app}");
var authContext = new AuthenticationContext("https://login.windows.net/{tenantId}");
// The resource is the client ID of the function app's AAD app; the token's aud claim will be this value
var result = await authContext.AcquireTokenAsync("{clientId-for-my-function-app}", clientCredential);

Test:

In summary, you could decode your access token by using https://jwt.io/ and check the aud as follows:

Moreover, I noticed that your requestUrl contains the query string code. If you enable both function-level authorization and user-based authentication, you also need to make sure your function key or master key is correct. Alternatively, you could set the anonymous authorization level for your Azure Function and rely only on user-based authentication.
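The following is an added Python example, not part of the original answer, that does offline what the jwt.io step in the answer does by hand: it decodes the JWT payload, checks that the aud claim is the function app's client ID (or its api:// App ID URI, depending on which identifier was requested as the resource), that the issuer belongs to the expected tenant, and that the token has not expired, and then builds the Authorization: Bearer header described above. The tenant and client IDs and the sample token are constructed placeholders; the token carries a dummy signature, and the helper deliberately does not verify signatures, since that is done by the App Service authentication layer against the tenant's signing keys. This is a pre-flight check of the claims a client is about to send, not a replacement for that validation.

```python
import base64
import json
import time

# Constructed sample identifiers (hypothetical, not from the original answer)
TENANT_ID = "11111111-1111-1111-1111-111111111111"
WEB_APP_CLIENT_ID = "22222222-2222-2222-2222-222222222222"       # caller: the web app
FUNCTION_APP_CLIENT_ID = "33333333-3333-3333-3333-333333333333"  # resource: the function app's AAD app


def _b64url_decode(segment):
    """Base64url-decode one JWT segment, restoring the '=' padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token):
    """Return the payload claims of a compact JWT without checking the signature.

    Equivalent to pasting the token into jwt.io. Signature validation is left
    to the App Service authentication layer in front of the function.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg", "none").lower() == "none":
        raise ValueError("unsigned token (alg=none); do not send it")
    return json.loads(_b64url_decode(parts[1]))


def check_token_for_function_app(claims, expected_aud, tenant_id, now=None):
    """Return a list of problems with the claims; an empty list means they look right."""
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    # aud is the resource the token was requested for: the app ID, or its api://<app id> URI
    if aud not in (expected_aud, "api://" + expected_aud):
        problems.append("aud mismatch: got %r, expected %r" % (aud, expected_aud))
    iss = claims.get("iss", "")
    if tenant_id not in iss:
        problems.append("issuer %r is not from tenant %s" % (iss, tenant_id))
    exp = claims.get("exp")
    if exp is None or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def bearer_header(token):
    """Header to send to the AAD-protected function, instead of a ?code= function key."""
    return {"Authorization": "Bearer " + token}


def make_sample_token(aud, exp):
    """Constructed token with a dummy signature, only so the example runs offline."""
    header = {"typ": "JWT", "alg": "RS256"}
    payload = {
        "aud": aud,
        "iss": "https://sts.windows.net/%s/" % TENANT_ID,
        "appid": WEB_APP_CLIENT_ID,  # client-credential flow: appid identifies the caller
        "exp": int(exp),
    }
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"dummy-signature"),
    ])


if __name__ == "__main__":
    good = make_sample_token(FUNCTION_APP_CLIENT_ID, time.time() + 3600)
    # Token requested for the wrong resource (the web app itself): aud will not match
    wrong = make_sample_token(WEB_APP_CLIENT_ID, time.time() + 3600)
    for t in (good, wrong):
        claims = decode_jwt_claims(t)
        print(claims["aud"], check_token_for_function_app(claims, FUNCTION_APP_CLIENT_ID, TENANT_ID))
    print(bearer_header(good)["Authorization"][:30] + "...")
```

The most common cause of the "aud" check failing is requesting the token for the wrong resource: with the client-credential call in the answer, the aud claim is exactly the resource string passed to AcquireTokenAsync, so it must be the function app's AAD app identifier, not the web app's.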