This is what I use for my audience "https://graph.microsoft.com/.default"
I am having a different issue where I can get the Graph API to work for a few hours (maybe a day?) and then I start getting:
{"error":{"code":"InvalidAuthenticationToken","message":"Lifetime validation failed, the token is expired.","innerError":{"date":"2023-10-02T10:27:56","request-id":"","client-request-id":""}}}"
There is not a clear method of how to enable refresh tokens