Authentication Token Issues with Azure Data Factory When Accessing Microsoft Graph API

Xavier Ibanez-Padron 0 Reputation points

I am currently facing challenges with an Azure Data Factory pipeline that's configured to access data from the Microsoft Graph in a production environment. While I can successfully fetch authentication tokens using a POST request ({tenant}/oauth2/token), these tokens are deemed invalid when used in a GET request to the Microsoft Graph API. Curiously, when I replicate the process manually in POSTMAN with the same token, it works flawlessly. I initially encountered an issue using the OAuth v2.0 endpoint, where I could only fetch access tokens for half of my customers. Interestingly, for those customers whose tokens were successfully fetched, the tokens worked perfectly in the subsequent Microsoft Graph API GET requests. To address the fetching issue, I switched to the OAuth v1.0 endpoint, which allowed all customers to obtain their tokens. However, this led to a new problem where all the tokens, though successfully obtained, were deemed invalid when used in the Azure Data Factory pipeline to make GET requests to the Microsoft Graph API. Any insights or recommendations to resolve this issue would be greatly appreciated.

Error Message:
Request URL:[endpoint]

  • Code: InvalidAuthenticationToken
  • Message: Access token validation failure. Invalid audience.

1 answer

  1. Amira Bedhiafi 18,186 Reputation points

    Have you tried adding V2.0 in /oauth2/v2.0/token?

    It appears that your token is intended for the wrong audience. To call the Microsoft Graph API, you need to obtain a token specifically for Microsoft Graph, meaning the access token should include "aud": "".

    It seems you're using the [AAD auth code flow][1] to get the token. When requesting an authorization code, use the scope

    Here's the authorization request URL:


    When requesting the token, also use scope=


    To successfully call the API, ensure that your client app has been granted the appropriate [Delegated Microsoft Graph API permissions][2] based on the API you intend to use. For example, if you want to call the [List users][3] API, you need the correct permissions.

    More links :

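A diagnostic for the "Invalid audience" error discussed in this thread, added here as an example and not written by either poster: it decodes the payload of an access token and reports its `aud` and `ver` claims, so the token the pipeline sends can be compared with the one that works in Postman. The expected audience values and the sample tokens are assumptions constructed for the demo; the thread itself does not state the audience value.

```python
import base64
import json

# Assumption: audience values Microsoft Graph tokens commonly carry (resource URI
# and Graph's app ID). The thread does not state them; pass your own set if needed.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only;
    never base an authorization decision on this)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_audience(token: str, expected=GRAPH_AUDIENCES) -> dict:
    """Report the aud and ver claims and whether aud matches an expected value."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return {"aud": aud, "ver": claims.get("ver"), "ok": any(a in expected for a in auds)}


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    samples = {
        "issued for Graph": make_sample_token({"aud": "https://graph.microsoft.com", "ver": "1.0"}),
        "issued for another API": make_sample_token({"aud": "https://management.azure.com/", "ver": "1.0"}),
    }
    for label, tok in samples.items():
        print(label, check_audience(tok))  # print claims only, never the token itself
```

Run `check_audience` on the token captured from the pipeline's token activity and on the one used in Postman; a differing `aud` points at the resource or scope parameter in the token request rather than at the GET call.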