How to use SharePoint REST API with Azure AD app creds?

Yichen Name 86 Reputation points
2022-09-12T04:47:37.447+00:00

I have created an app in the Azure portal and tried to create an access token with this:
https://login.microsoftonline.com/{tenant-id}/oauth2/token
But when I hit the SharePoint REST APIs, I get the error below:

{"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

Microsoft 365 and Office SharePoint Development
Microsoft Security Microsoft Authenticator

Accepted answer
  1. Rob Windsor 2,001 Reputation points
    2022-09-13T11:35:08.4+00:00

    The steps included in the post linked by @Tong Zhang_MSFT register the application with Azure ACS (via appregnew.aspx), not with Azure AD.

    Granting access via Azure AD App-Only covers how to register an app with app-only permissions in Azure AD and how to use that app to interact with SharePoint using PnP PowerShell and the SharePoint PnP Sites Core library. Unfortunately, this resource doesn't cover how to use the app with the "plain" REST API. The basic steps to do this would be to use the Microsoft Authentication Library (MSAL) to get an access token and then make REST API calls with that token included in the headers of the request.

    One important thing to note: you cannot use Client ID and Client Secret for authentication when authenticating with the REST API or CSOM using an app registered in Azure AD. You have to use Client ID and a certificate. How to register the app to use Client ID and a certificate is shown in the article I linked.

    2 people found this answer helpful.
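
An added example (not part of the accepted answer or any Microsoft sample) of the flow that answer describes: request an app-only token with MSAL using a certificate, then inspect the token's `aud` and `appidacr` claims before calling the REST API, since the error in the question names audience validation. Assumptions: `contoso.sharepoint.com` and the function names are placeholders, the token is in Azure AD v1.0 format (where `appidacr` is `"1"` for a client secret and `"2"` for a certificate), and the expected audience is the SharePoint host the token was requested for.

```python
import base64
import json
from urllib.parse import urlsplit

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, sharepoint_host):
    """List the reasons this app-only token does not fit the SharePoint REST API."""
    claims = jwt_claims(token)
    problems = []
    aud = claims.get("aud", "")
    if urlsplit(aud).hostname != sharepoint_host.lower():
        problems.append(f"aud is {aud!r}, not https://{sharepoint_host}")
    # Assumption: v1.0 token; appidacr "1" = client secret, "2" = certificate
    if claims.get("appidacr") != "2":
        problems.append("client did not authenticate with a certificate")
    return problems

def acquire_token(tenant_id, client_id, thumbprint, key_path, sharepoint_host):
    """Certificate-based client-credentials request via MSAL (needs network access)."""
    import msal  # pip install msal; imported here so the checks above run without it
    with open(key_path) as fh:
        private_key = fh.read()
    app = msal.ConfidentialClientApplication(
        client_id,
        authority=f"https://login.microsoftonline.com/{tenant_id}",
        client_credential={"thumbprint": thumbprint, "private_key": private_key},
    )
    result = app.acquire_token_for_client(scopes=[f"https://{sharepoint_host}/.default"])
    if "access_token" not in result:
        raise RuntimeError(result.get("error_description", "token request failed"))
    return result["access_token"]

def fake_token(claims):
    """Build an unsigned, constructed token so the checks can be exercised offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    bad = fake_token({"aud": "https://graph.microsoft.com", "appidacr": "1"})
    good = fake_token({"aud": "https://contoso.sharepoint.com", "appidacr": "2"})
    print(diagnose(bad, "contoso.sharepoint.com"))   # two problems reported
    print(diagnose(good, "contoso.sharepoint.com"))  # empty list
```

The token returned by `acquire_token` goes in the `Authorization: Bearer` header of each REST request; run `diagnose` on it first when SharePoint rejects the call.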

1 additional answer

  1. Tong Zhang_MSFT 9,251 Reputation points
    2022-09-12T09:55:43.463+00:00

    Hi @Yichen Name ,

    Do you want to generate an access token? If yes, according to my research and testing, you can achieve it by following the steps in the following document:

    https://global-sharepoint.com/sharepoint-online/in-4-steps-access-sharepoint-online-data-using-postman-tool/

    My test result:
    [Screenshot: 239984-01.png]
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


