"Token type is not allowed" error on sharepoint REST API

Aniket Nade 6

Aim:- To access sharepoint through REST Api

Steps taken:-

Created site on sharepoint.
Registered site as an app using https://<<domain>>/sites/<<site name>>/_layouts/15/appregnew.aspx
Granted tenant scope permission using https://<<domain>>/sites/<<site name>>/_layouts/15/appinv.aspx
Permission xml used
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
4. Collected app identifier from https://<<domain>>/sites/<<site name>>/_layouts/15/appprincipals.aspx
5. Fetched access token using https://accounts.accesscontrol.windows.net/\<<tenant id>>/tokens/OAuth/2/
6. Tried to search using https://bhyve10.sharepoint.com/sites/Tech/\_api/search/query?querytext='smart'
Headers
Content-Type:application/json;odata=verbose
Accept:application/json;odata=verbose
Authorization:Bearer <<access token from step 5>>

     Got below error message
      {"error":"invalid_request","error_description":"Token type is not allowed."}

Anand Khond 5 Reputation points

2023-02-22T11:27:30.55+00:00

Any other way to solve this issue? I don't have admin access neither I can get it.

2 answers

RaytheonXie_MSFT 31,071 Reputation points Microsoft Vendor

2022-01-31T01:58:18.383+00:00
Hi @Aniket Nade ,
For new SharePoint subscription Grant App Permission is disabled by default or the browser link https://xxxx-admin.sharepoint.com/_layouts/15/appinv.aspx is disabled. To enable this feature, we need to connect to SharePoint using Windows PowerShell and then run set-spotenant -DisableCustomAppAuthentication $false.

Install-Module -Name Microsoft.Online.SharePoint.PowerShell $adminUPN="<the full email address of a SharePoint administrator account, example: jdoe@contosotoycompany.onmicrosoft.com>" $orgName="<name of your Office 365 organization, example: contosotoycompany>" $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password." Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential set-spotenant -DisableCustomAppAuthentication $false

Afterward, run https://<<domain>>/sites/<<site name>>/_layouts/15/appinv.aspx to grant permission

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.

8 people found this answer helpful.
RaytheonXie_MSFT 31,071 Reputation points Microsoft Vendor

2022-02-03T08:29:10.197+00:00

Hi @Aniket Nade ,
I am checking to see if the problem has been resolved.

Tudor Iliescu 6 Reputation points

2022-02-22T15:44:36.467+00:00

Great to find this solution works! There's always something annoying in SharePoint that makes you go mad...

RaytheonXie_MSFT 31,071 Reputation points Microsoft Vendor

2022-02-23T01:26:41.007+00:00

Hi @Aniket Nade ,
Thanks for your time in advance.
Glad that you found the solution to this problem. If my answer is helpful to you. Could you please accept the answer via the "Accept Answer" button kindly, it would be helpful to others who have similar issue in the future. It's welcome to raise a ticket in the forum If there is any problem about SharePoint in the future.

Shakeel Saleem 1 Reputation point

2022-07-19T17:55:01.06+00:00

I am facing the error mentioned in the image. Please help on how to resolve this.

"Connect-SPOService : The sign-in name or password does not match one in the Microsoft account system.
At line:1 char:1

Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Creden ...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CategoryInfo : NotSpecified: (:) [Connect-SPOService], IdcrlException

FullyQualifiedErrorId : Microsoft.SharePoint.Client.IdcrlException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService"

Fatemeh_6631 0 Reputation points

2023-02-06T16:26:40.6566667+00:00

Hi, I have the same issue, did you manage to solve?

François Laurent 0 Reputation points

2023-03-07T14:06:55.7033333+00:00

Hi,

from https://www.codetwo.com/admins-blog/connect-to-sharepoint-online-using-powershell/#:~:text=Connect%2DSPOService%20%3A%20The%20sign%2D,multifactor%20authentication%20enabled%20(MFA).

Connect-SPOService : The sign-in name or password does not match one in the Microsoft account system.

There are two possible reasons for this error – either you have made a mistake while inserting your credentials, or you have a multifactor authentication enabled (MFA). If it is due to the MFA, you will need to remove the -Credential parameter while connecting to SharePoint Online and enter your credentials with the traditional, login page experience.

So, if you are admin and you have MFA, just do :

Connect-SPOService -Url https://$orgName-admin.sharepoint.com

tv thang 0 Reputation points

2023-06-27T03:45:49.6266667+00:00

thanks for your help, very useful

tv thang 0 Reputation points

2023-06-27T03:46:58.7666667+00:00

so useful

tv thang 0 Reputation points

2023-06-27T03:47:30.0766667+00:00

many thanks

Ahmad Jahoor 0 Reputation points

2023-07-07T10:48:01.5366667+00:00

The thing is when I first read your anwser you mentioned that https://xxxx-admin.sharepoint.com/_layouts/15/appinv.aspx is disabled but when accessing it I can still see the page and it seemed to be working. You never stated that even though the page seems to be working it is not actually working.

I did follow your instructions and it worked perfectly. Thank you so much man !!
😘😘
Sign in to comment
Anand Khond 5 Reputation points

2023-02-22T11:28:34.7466667+00:00

Any other way to solve this issue? I don't have admin access neither I can get it.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment