Error consuming endpoint with Oauth 2.0 Token

Pardo, Pablo 0 Reputation points
2023-01-20T10:12:57.49+00:00

Hello.

I have the following problem. I have an API integration with SharePoint Online where I use "Online" user authentication and it works fine. I have been requested to change this authentication to OAuth 2.0 Authentication code.

I have been able to get the OAuth 2.0 token (using Azure ACS), but when I try to use it (retrieving a SharePoint document, for example) I get the following error:

Bad request: {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}.

The user that I use for Online and Oauth 2.0 is the same.

We have tried to set the permissions for the Add-in, but it still doesn't work:

Application: Sites.Read.All, Sites.ReadWrite.All.

Can you please help me to determine which permission should I give to the App in Azure in order to work?

Thank you.

SharePoint

1 answer

  1. RaytheonXie_MSFT 29,041 Reputation points Microsoft Vendor
    2023-01-23T02:25:01.8+00:00

    Hi @Pardo, Pablo

    Please make sure that you have granted SharePoint API permissions for your application first.


    Then you need to check if you have set the scope correctly. It should be https://yourSite.sharepoint.com/.default

    or detailed scope, such as: https://yoursite.sharepoint.com/Sites.ReadWrite.All

    You can obtain the authorization code in the browser

        https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize? 
        client_id={client id}
        &response_type=code
        &redirect_uri=https://jwt.ms
        &response_mode=query
        &scope=https://{tenant name}.sharepoint.com/.default
        &state=12345
    

    Finally use the authorization code to redeem the access token and refresh token:


    Here is the document for more details: auth code flow.

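
An added diagnostic example in Python, not part of the original thread and not Microsoft's code: it decodes a token's `aud` claim without verifying the signature and checks that it names the SharePoint host being called, which is the comparison an `AudienceUriValidationFailedException` points to, and it builds the answer's authorization request with the scope derived from that same host. The function names, the `contoso` sample values and the ACS-style `principal/host@realm` audience form are assumptions.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying it (diagnostics only, never authorization)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_host(aud: str) -> str:
    """Host named by an 'aud' value: a URL, or an assumed 'principal/host@realm' form."""
    if "://" in aud:
        return (urlsplit(aud).hostname or "").lower()
    return aud.partition("/")[2].partition("@")[0].lower()


def audience_matches(token: str, site_url: str) -> bool:
    """True when an 'aud' value in the token names the SharePoint host being called."""
    aud = jwt_claims(token).get("aud", [])
    values = [aud] if isinstance(aud, str) else list(aud)
    site_host = (urlsplit(site_url).hostname or "").lower()
    return bool(site_host) and any(audience_host(a) == site_host for a in values)


def authorize_url(tenant_id, client_id, redirect_uri, site_url, state):
    """Authorization request from the answer; scope is derived from the site host."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": f"https://{urlsplit(site_url).hostname}/.default",
        "state": state,  # should be an unpredictable per-request value
    })
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?{query}"


def make_sample_token(aud: str) -> str:
    """Constructed, unsigned sample token for the checks above; not a real credential."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': aud})}.sig"
```

Running `audience_matches` on the token that produced the error, before changing any permissions, shows whether the token was issued for a different resource than the site being called.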