您似乎未添加了已注册应用程序的(正确)对象ID.重要的是，应用程序注册具有对象ID，但是服务主体也是如此.它是您要查找的服务主体的应用程序ID.

It looks like you have not added the (correct) object id of the registered application. Importantly, the application registration has an object id, but so does the service principal. It is the application id for the service principal you are looking for.

在此处查看说明:

https://docs.microsoft.com/en-us/azure/healthcare-apis/find-identity-object-ids

您可以使用PowerShell找到它的服务主体对象ID:

You can find it the service principal object id with PowerShell:

$(Get-AzureADServicePrincipal -Filter "AppId eq 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'").ObjectId

或Azure CLI:

or the Azure CLI:

az ad sp show --id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX | jq -r .objectId

我还建议您将令牌粘贴到类似 https://jwt.ms 的内容中，然后查看 oid 声明.那是您添加的对象ID吗?

I would also recommend pasting your token into something like https://jwt.ms and look at the oid claim. Is that the object id you added?