且构网


ASP.NET Core 2.0 Web API Azure AD v2 token authorization not working

Updated: 2021-08-27 23:00:17

After a not-so-short discussion in the comments the issue was resolved.

Key points of the discussion:

  • The access token contained an aud claim with the value of https://graph.microsoft.com, which means the token is meant for the Microsoft Graph API, not their API
  • A Web API needed to be registered at https://apps.dev.microsoft.com/, after which the app needed to ask for an access token using a scope similar to: api://25f66106-edd6-4724-ae6f-3a204cfd9f63/access_as_user

So make sure that the aud claim contains the client ID or app ID URI for your API. That means it is meant for your API.

The token also needs to contain the necessary scopes.

When asking for an access token from AAD, make sure you specify the correct scopes.

Also, if you are using the v1 endpoints, make sure to use ADAL, not MSAL. In v1 also instead of scope, you have to use resource, which must have a value set to either the client ID or app ID URI of the API.
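
The checks described above, as an added diagnostic example that is not part of the original answer: it decodes an access token's payload and reports whether the aud claim and the scp claim (where Azure AD puts delegated scopes) match the API. API_CLIENT_ID reuses the GUID from the scope quoted above as an assumed client ID, the sample tokens are constructed, and the signature is not verified, so this is for troubleshooting only.

```python
import base64
import json

# Assumed values for illustration: the GUID is the one in the scope quoted above.
API_CLIENT_ID = "25f66106-edd6-4724-ae6f-3a204cfd9f63"
API_APP_ID_URI = "api://" + API_CLIENT_ID
REQUIRED_SCOPE = "access_as_user"


def b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token):
    """Return the payload claims WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def check_token(token):
    """List the reasons this token would not be accepted by the API; empty if none."""
    claims = read_claims(token)
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(a in (API_CLIENT_ID, API_APP_ID_URI) for a in audiences):
        problems.append("aud is %r, so the token is meant for another API" % (aud,))
    scopes = claims.get("scp", "").split()  # scp is a space-separated string
    if REQUIRED_SCOPE not in scopes:
        problems.append("scp %r lacks %r" % (scopes, REQUIRED_SCOPE))
    return problems


def make_sample(claims):
    """Build a constructed sample token with a placeholder signature for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    graph = make_sample({"aud": "https://graph.microsoft.com", "scp": "User.Read"})
    mine = make_sample({"aud": API_CLIENT_ID, "scp": "access_as_user"})
    for name, tok in (("graph token", graph), ("api token", mine)):
        print(name, "->", check_token(tok) or "ok")
```
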