Error consuming endpoint with Oauth 2.0 Token

Question

Hello.

I have the following problem. I have an API integration with Sharepoint Online where I use "Online" user authentication and it works fine. I have beed requested to change this authentication to Oauth 2.0 Authentication code.

I have been able to get the Oauth 2.0 token (using Azure ACS), but when I try to use it (retreiving a Sharepoint document for example) I get the following error:

Bad request: {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}.

The user that I use for Online and Oauth 2.0 is the same.

We have tried to set the permissions for the Add-in, but it still doesn´t work.:

Application: Sites.Read.All, Sites.ReadWrite.All.

Can you please help me to determine which permission shoud I give to the App in Azure in order to work.

Thank you.

Answer 1

Hi @Pardo, Pablo

Please make sure that you have granted SharePoint API permissions for your application first.

Then you need to check if you have set the scope correctly. It should be https://yourSite.sharepoint.com/.default

or detailed scope, such as: https://yoursite.sharepoint.com/Sites.ReadWrite.All

You can obtain the authorization code in the browser

    https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize? 
    client_id={client id}
    &response_type=code
    &redirect_uri=https://jwt.ms
    &response_mode=query
    &scope=https://{tenant name}.sharepoint.com/.default
    &state=12345

Finally use the authorization code to redeem the access token and refresh token:

Here is the document for more details: auth code flow.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.