I am trying to create a linked service in Data Factory to Share point Online but i am getting connection error

Question

I am trying to create a linked service in Data Factory to Share point Online but i am getting connection error

Dee T 26

Hi I am referring this document: https://learn.microsoft.com/en-us/azure/data-factory/connector-sharepoint-online-list and I am able to complete all the steps mentioned but when I test the connection I get this error:

Failed to get metadata of odata service, please check if service url and credential is correct and your application has permission to the resource. Expected status code: 200, actual status code: Unauthorized, response is : {"error":"invalid_request","error_description":"Token type is not allowed."}.

KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-19T23:36:44.947+00:00

Hi @Dee T ,

Welcome to Microsoft Q&A platform and thanks for your query.

Could you please confirm if you are trying to copy data from SharePoint Online List (Sharepoint Online list connector - it supports copying data from SharePoint Online List but not file) or copy file from sharepoint online (HTTP connector to be used)? And also please confirm what is the Linked service type you have used?

I would also recommend you to please try POSTMAN to test the connection first before testing it in ADF. If you see the same issue with POSTMAN as well, then the error could be due to your app was not trusted. I think you might have missed some steps while granting SharePoint Online site permission to your registered application (AAD app). I would recommend to re-evaluate/follow the prerequisites once again.

Could you please try and let us know how it goes with POSTMAN?

Thanks
KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-20T22:38:44.637+00:00

Hi @Dee T ,

Following up to see if you have got a chance to see my previous comment? If so could you please confirm if you were able to test your scenario as mentioned in my previous comment?

Looking forward to your confirmation.

Thanks
Dee T 26 Reputation points

2021-01-21T07:41:10.763+00:00

Hi,

Yes I am trying to trying to copy data from SharePoint Online List( Sharepoint Online list connector).

As per your recommendation I tested the connection on POSTMAN and it works fine there but when I test in ADF i still get the same error.

What could be the possible reason for that?
KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-22T22:48:31.387+00:00

Hi @Dee T ,

Thanks for your response. I tried to reproduce the error you are experiencing by having inappropriate config but no luck. I am getting a different error but if I configure correctly as per the steps mentioned in the document, Linked service test connection is working fine.

Could you please confirm if you have used the same AAD registered app ID and client secret to generate the bearer token which was used in your postman testing? The reason I wanted to check this is because if you are able to test successfully with same AAD registered app in POSTMAN then it should ideally work in ADF linked service unless there is a difference.

In the meantime I'll also reach out to internal team to get additional inputs on this issue.

Thanks
KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-22T22:51:34.093+00:00
Continuation to above comment:

In the meantime please refer to below SO thread where they had a discussion on similar error message and see if that helps.

-https://stackoverflow.com/questions/63904289/sharepoint-online-oauth-2-0-invalid-token-type-for-new-o365-tenant

https://sharepoint.stackexchange.com/questions/284402/sharepoint-online-authorization-issue-token-type-is-not-allowed

Related MS doc: https://learn.microsoft.com/sharepoint/dev/spfx/tenant-properties?tabs=sprest

Thanks
Dee T 26 Reputation points

2021-01-25T15:12:52.183+00:00

Hi I tested the connection on Postman. I have used the same AAD registered app ID and client secret to generate the bearer token which was used in the postman testing.

2 answers

Your answer

KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-19T23:36:44.947+00:00

Hi @Dee T ,

Welcome to Microsoft Q&A platform and thanks for your query.

Could you please confirm if you are trying to copy data from SharePoint Online List (Sharepoint Online list connector - it supports copying data from SharePoint Online List but not file) or copy file from sharepoint online (HTTP connector to be used)? And also please confirm what is the Linked service type you have used?

I would also recommend you to please try POSTMAN to test the connection first before testing it in ADF. If you see the same issue with POSTMAN as well, then the error could be due to your app was not trusted. I think you might have missed some steps while granting SharePoint Online site permission to your registered application (AAD app). I would recommend to re-evaluate/follow the prerequisites once again.

Could you please try and let us know how it goes with POSTMAN?

Thanks
KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-20T22:38:44.637+00:00

Hi @Dee T ,

Following up to see if you have got a chance to see my previous comment? If so could you please confirm if you were able to test your scenario as mentioned in my previous comment?

Looking forward to your confirmation.

Thanks
Dee T 26 Reputation points

2021-01-21T07:41:10.763+00:00

Hi,

Yes I am trying to trying to copy data from SharePoint Online List( Sharepoint Online list connector).

As per your recommendation I tested the connection on POSTMAN and it works fine there but when I test in ADF i still get the same error.

What could be the possible reason for that?
KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-22T22:48:31.387+00:00

Hi @Dee T ,

Thanks for your response. I tried to reproduce the error you are experiencing by having inappropriate config but no luck. I am getting a different error but if I configure correctly as per the steps mentioned in the document, Linked service test connection is working fine.

Could you please confirm if you have used the same AAD registered app ID and client secret to generate the bearer token which was used in your postman testing? The reason I wanted to check this is because if you are able to test successfully with same AAD registered app in POSTMAN then it should ideally work in ADF linked service unless there is a difference.

In the meantime I'll also reach out to internal team to get additional inputs on this issue.

Thanks
KranthiPakala-MSFT 46,637 Reputation points Microsoft Employee Moderator

2021-01-22T22:51:34.093+00:00

Continuation to above comment:

In the meantime please refer to below SO thread where they had a discussion on similar error message and see if that helps.

-https://stackoverflow.com/questions/63904289/sharepoint-online-oauth-2-0-invalid-token-type-for-new-o365-tenant

https://sharepoint.stackexchange.com/questions/284402/sharepoint-online-authorization-issue-token-type-is-not-allowed

Related MS doc: https://learn.microsoft.com/sharepoint/dev/spfx/tenant-properties?tabs=sprest

Thanks
Dee T 26 Reputation points

2021-01-25T15:12:52.183+00:00

Hi I tested the connection on Postman. I have used the same AAD registered app ID and client secret to generate the bearer token which was used in the postman testing.

Answer 1

https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs

Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), has been retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the https://accounts.accesscontrol.windows.net hostname (which is not impacted by this retirement). For more information, see Impact of Azure Access Control retirement for SharePoint Add-ins. For new tenants, apps using an ACS app-only access token is disabled by default. We recommend using the Azure AD app-only model which is modern and more secure. But you can change the behavior by running ‘set-spotenant -DisableCustomAppAuthentication $false' (needs the latest SharePoint admin PowerShell).

Answer 2

I've had the same issue, and spend some time understanding why and how to resolve.

I have made the following guide on what to do in Sharepoint, to allow Data Factory to access SharePoint online (after November 2018 due to ACS, as Peter Holar also states).

How to article here:

https://github.com/kasperulvedal/Azure-Data-Factory-Stuff/blob/main/Linked%20Services/Sharepoint/Setting%20up%20Sharepoint%20so%20Azure%20Data%20Factory%20can%20access%20it.md#setting-up-sharepoint-so-azure-data-factory-can-access-it

Sharing the link, just in case someone will run into the same issue.

Share via

I am trying to create a linked service in Data Factory to Share point Online but i am getting connection error

2 answers

Your answer