SharePoint OAuth token request failed

Sean Riedel 21 Reputation points
2021-06-04T15:46:33.743+00:00

I have a console application that connects to a SharePoint site to retrieve some data. It uses a Client ID and Client Secret generated on the AppRegNew page for that site. The app has been granted full rights to the Site Collection. These are relatively new IDs so they have not expired.

Recently it began failing with a "Token request failed", "Remote server returned an error: (401) Unauthorized."

We are using a commonly used TokenHelper class to retrieve the token.

We did have some older App Client IDs hanging around so I deleted the old ones using the AppPrincipals page, however I can still perform a lookup on them in the AppInv page so I don't believe they are actually removed.

Is there something I can check on the SharePoint side to try and determine why this Client ID cannot request a Token successfully?


Accepted answer
  1. MichaelHan-MSFT 18,016 Reputation points
    2021-06-07T01:47:02.677+00:00

    Hi @Sean Riedel ,

    This article would be helpful: https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/provider-hosted-app-pha-application-errors-tls-errors-and-401/ba-p/2273611


    You can check which TLS and ciphers are used.

    Here is a similar issue: https://learn.microsoft.com/en-us/answers/questions/401398/sharepoint-add-in-failure-to-acquire-app-only-toke.html?childToView=406335#answer-406335


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 additional answers

  1. Sean Riedel 21 Reputation points
    2021-06-07T13:18:50.78+00:00

    Hello,
    Thank you for your response. This very well may be the issue as my console application is running with .NET Framework 4.5.2 which is quite old.

    However, as another step I have tried retrieving a valid token using Postman and see an error message. This still leads me to believe that there is a SharePoint setup issue involved.

    I am requesting an OAuth 2.0 token. When I request the token, I do see a login prompt (with 2-factor authentication).

    When I enter my credentials I receive the following error:

    https://mycallbackUrl/default.aspx?error=access_denied&error_description=AADSTS650057%3a+Invalid+resource.+The+client+has+requested+access+to+a+resource+which+is+not+listed+in+the+requested+permissions+in+the+client%27s+application+registration.+Client+app+ID%3a+6fb73d33-59df-4a69-8b6b-299b616f2ad1(OAuthAppRenew2021).+Resource+value+from+request%3a+https%3a%2f%2fmysharepoint.sharepoint.com.+Resource+app+ID%3a+00000003-0000-0ff1-ce00-000000000000.+List+of+valid+resources+from+app+registration%3a+.%0d%0aTrace+ID%3a+dfd69934-2d9e-4580-86cf-6670994ce200%0d%0aCorrelation+ID%3a+73883dfa-ab10-4939-a5cf-d616c26a454f%0d%0aTimestamp%3a+2021-06-04+17%3a04%3a38Z#

    Thank you.


  2. MichaelHan-MSFT 18,016 Reputation points
    2021-06-08T02:34:08.383+00:00

    Hi @Sean Riedel ,

    How do you retrieve the access token using Postman?

    Please try to get the access token in the following way:

    URL: https://accounts.accesscontrol.windows.net/<Tenant ID>/tokens/OAuth/2/  
    grant_type: client_credentials  
    client_id: <Client ID>@<Tenant ID>  
    client_secret: <Client Secret>  
    resource: 00000003-0000-0ff1-ce00-000000000000/<tenant>.sharepoint.com@<Tenant ID>  
    

    You could refer to this article for more: https://global-sharepoint.com/sharepoint-online/in-4-steps-access-sharepoint-online-data-using-postman-tool/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


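
An added example (not from the original thread and not the TokenHelper code): it builds the app-only token request from the parameters listed in the answer above, sends it over a connection that refuses anything older than TLS 1.2, and reports the negotiated protocol and cipher, which is the check the accepted answer suggests. The function names are assumptions for this example; supply your own tenant ID, client ID, secret and SharePoint host.

```python
import http.client
import json
import ssl
from urllib.parse import urlencode

ACS_HOST = "accounts.accesscontrol.windows.net"
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"


def build_token_request(tenant_id, client_id, client_secret, sp_host):
    """Return (path, form_body) using the parameters from the answer above."""
    path = f"/{tenant_id}/tokens/OAuth/2/"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
        "resource": f"{SHAREPOINT_PRINCIPAL}/{sp_host}@{tenant_id}",
    })
    return path, body


def tls12_context():
    """Certificate-verifying context that refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def request_token(tenant_id, client_id, client_secret, sp_host, timeout=10):
    """POST the request; report the TLS parameters and the outcome."""
    path, body = build_token_request(tenant_id, client_id, client_secret, sp_host)
    conn = http.client.HTTPSConnection(ACS_HOST, context=tls12_context(),
                                       timeout=timeout)
    try:
        conn.connect()  # handshake happens here, before any credentials are sent
        protocol, cipher = conn.sock.version(), conn.sock.cipher()[0]
        conn.request("POST", path, body,
                     {"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        payload = resp.read().decode("utf-8", "replace")
    finally:
        conn.close()
    try:
        data = json.loads(payload)
    except ValueError:
        data = {}
    # Report only whether a token came back; never log the token or the secret.
    return {"status": resp.status, "protocol": protocol, "cipher": cipher,
            "has_token": "access_token" in data, "error": data.get("error")}
```

A handshake that succeeds here while the console application still gets a 401 points at the client's TLS defaults rather than the app principal; an HTTP error with a JSON `error` value points at the credentials or the resource string.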

  3. Sean Riedel 21 Reputation points
    2021-06-11T11:44:25.287+00:00

    This did lead me to the correct answer. The application was running under .NET Framework 4.5.2, and an update to 4.7.2 appears to have fixed it.


  4. ericOnline 21 Reputation points
    2021-08-06T17:39:51.403+00:00

    I'm receiving this error when trying to access SharePoint on-prem from Power Automate:

    Access token not found
    clientRequestId: 7e4375af-c4cf-40ca-8b6e-ad440af75f4b

    I'm able to hit other on-prem servers (Linux, etc.) with Power Automate so I think the On-prem Data Gateway can be ruled out.

    What should I look at to rule out / confirm TLS as the issue?
