Error: 401 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown.

Mark Lui 21 Reputation points
2024-01-15T14:18:42.3166667+00:00

I want to query (not update) all the items under a SharePoint Online list thru REST API:
https://{mysiteurl}.sharepoint.com/mysite/_api/web/lists/getbytitle('{mylistname}')

I can successfully get the token via:
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token

But when I submit the POST request to the API I got the error response:
Error: 401 {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

Here is the App permission I have:
User's image

Could you please assist? Thanks.


2 answers

  1. RaytheonXie_MSFT 32,241 Reputation points Microsoft Vendor
    2024-01-16T01:53:08.4233333+00:00

    Hi @Mark Lui,

    If you want to update a list item, you will need at least Sites.ReadWrite.All permission. You could click on "API permissions" in the left menu bar, and click on the "Add a permission" button. A new blade will appear. Here you choose the permissions that you will grant to this application. Choose i.e.:

    • SharePoint
      • Application permissions
        • Sites
          • Sites.ReadWrite.All

  2. Zdeněk Vinduška 0 Reputation points
    2024-05-14T09:14:53.5933333+00:00

    Hello,

    we have exactly the same problem. We want to gather information from the whole SPO (including Sites, Teams and MySites). Gathering information from Sites and Teams is working perfectly, but when we want to gather information from MySites (company-my.sharepoint.com/...) it's returning "The remote server returned an error: (401) Unauthorized.".

    We are using registered APP in Entra ID with certificate and application permissions for SharePoint:

    "roles": [ "User.Read.All", "Sites.Read.All", "Sites.FullControl.All"].

    It looks like a "bug" that we cannot access MySites for all users.

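An added diagnostic example, not part of the original thread or Microsoft's code: the exception name says the token's `aud` (audience) claim was rejected, so a first check is to decode the bearer token and compare `aud` with the host being called. It assumes the API expects its own `https://<host>` as the audience; the `contoso` hosts and the unsigned sample tokens are constructed.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(token, api_url):
    """True if any 'aud' value names the same host as the API being called."""
    target = urlsplit(api_url).hostname
    if target is None:
        raise ValueError("api_url must be absolute, e.g. https://host/path")
    aud = jwt_claims(token).get("aud", [])
    auds = aud if isinstance(aud, list) else [aud]
    # Assumption: the resource expects its own https://<host> as the audience.
    return any(isinstance(a, str) and urlsplit(a).hostname == target for a in auds)


def sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed hosts and claims; 'contoso' is a placeholder tenant name.
    site = "https://contoso.sharepoint.com/mysite/_api/web/lists"
    mysite = "https://contoso-my.sharepoint.com/personal/user/_api/web"
    for aud in ("https://graph.microsoft.com", "https://contoso.sharepoint.com"):
        tok = sample_token({"aud": aud, "roles": ["Sites.Read.All"]})
        print(aud, "->", audience_matches(tok, site), audience_matches(tok, mysite))
```

A token whose `aud` names a different host than the request URL, including the `-my` host versus the main tenant host, fails this comparison even when its `roles` claim lists the needed permissions.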