GetAppServiceIdentityAsync AAD returns null

I have a working Azure Mobile .NET backend which has a requirement to expose data securely through a TableController.

The table controller has the the [Authorize] attribute on the controller class definition and I have Token Store Enabled in the Azure Portal's Authentication / Authorization blade.

I'm using the following code to get the user's credentials passed by the mobile client app:

var creds = await this.User.GetAppServiceIdentityAsync(this.Request);

However, when deployed to the Azure portal this always returns a NULL exception; digging deeper I can see "Exception=System.ArgumentOutOfRangeException: The 'principal' parameter must be of type 'ClaimsPrincipal'."

Using JWT.IO, I've inspected the token being passed from the client app and the token looks 100% correct.

With the backend deployed to the Azure Portal and a breakpoint set I see that this.User is null!

How do I get access to the user's credentials, has anyone got this working?

Cheers, Iain