Error: 401 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown.

Question

Error: 401 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown.

Mark Lui 26

I want to query (not update) all the items under a SharePoint Online list thru REST API: https://{mysiteurl}.sharepoint.com/mysite/_api/web/lists/getbytitle('{mylistname}') I can successfully get the token via:
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token But when I submit the POST request to the API I got the error response:
Error: 401 {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."} here is the App permission I have:
User's image

Could you please assist? Thanks.

Fulvio Mercoliano 75 Reputation points Microsoft Employee

2024-02-19T08:56:10.56+00:00

Can you please share the request you made to login.microsoftonline.com to obtain the token? I see 2 possible issues here: you are requesting the token for the wrong api (MS Graph instead of Sharepoint) or if you are using the client_credentials flow you are selecting the wrong permission from the UI, given that with client_Credentials flow you must select permissions of type "Application", not "Delegated".

2 answers

Your answer

Fulvio Mercoliano 75 Reputation points Microsoft Employee

2024-02-19T08:56:10.56+00:00

Can you please share the request you made to login.microsoftonline.com to obtain the token? I see 2 possible issues here: you are requesting the token for the wrong api (MS Graph instead of Sharepoint) or if you are using the client_credentials flow you are selecting the wrong permission from the UI, given that with client_Credentials flow you must select permissions of type "Application", not "Delegated".

Answer 1

RaytheonXie_MSFT 40,476 Microsoft External Staff

Hi @Mark Lui,

If you wan to update a list item, you will need at lease Sites.ReadWrite.All permission. You could click on "API permissions" in the left menu bar, and click on the "Add a permission" button. A new blade will appear. Here you choose the permissions that you will grant to this application. Choose i.e.:

SharePoint
- Application permissions
  - Sites
    - Sites.ReadWrite.All
    ---If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

RaytheonXie_MSFT 40,476 Reputation points Microsoft External Staff

2024-01-22T08:44:36.9933333+00:00

Hi @Mark Lui, Would you tell me whether your issue has been resolved or have any update? If you have any questions or progress, you can contact me in time.
Alexandra Liu 0 Reputation points

2024-02-19T08:51:02.59+00:00

Hi, I am trying to request URL: https://{mysite}.sharepoint.com/_api but I got the error response: 401 Unauthorized: "401 UNAUTHORIZED". I selected Site.Readwrite.All and Site.FullControl.All permissions, it still doesn't work. Could you please assist? Thanks.

Answer 2

Hello,

we have exactly the same problem. We want to gather information from whole SPO (Included Sites, Teams and MySites). Gathering information from Sites and Teams are working perfectly, but when we want to gather information from MySites ( company-my.sharepoint.com/...) it's returning "The remote server returned an error: (401) Unauthorized.".

We are using registered APP in Entra ID with certificate and application permissions for SharePoint:

"roles": [ "User.Read.All", "Sites.Read.All", "Sites.FullControl.All"].

It looks like a "bug" that we cannot access MySites for all users.

Share via

Error: 401 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown.

2 answers

Your answer