"Token type is not allowed" error on sharepoint REST API

Aniket Nade 11 Reputation points
2022-01-28T13:14:33.523+00:00

Aim:- To access sharepoint through REST Api

Steps taken:-

Created site on sharepoint.
Registered site as an app using https://<<domain>>/sites/<<site name>>/_layouts/15/appregnew.aspx
Granted tenant scope permission using https://<<domain>>/sites/<<site name>>/_layouts/15/appinv.aspx
Permission xml used
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
4. Collected app identifier from https://<<domain>>/sites/<<site name>>/_layouts/15/appprincipals.aspx
5. Fetched access token using https://accounts.accesscontrol.windows.net/\<<tenant id>>/tokens/OAuth/2/
6. Tried to search using https://bhyve10.sharepoint.com/sites/Tech/\_api/search/query?querytext='smart'
Headers
Content-Type:application/json;odata=verbose
Accept:application/json;odata=verbose
Authorization:Bearer <<access token from step 5>>

     Got below error message
      {"error":"invalid_request","error_description":"Token type is not allowed."}
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,928 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
3,110 questions
{count} votes

2 answers

Sort by: Most helpful
  1. RaytheonXie_MSFT 36,576 Reputation points Microsoft Vendor
    2022-01-31T01:58:18.383+00:00

    Hi @Aniket Nade ,
    For new SharePoint subscription Grant App Permission is disabled by default or the browser link https://xxxx-admin.sharepoint.com/_layouts/15/appinv.aspx is disabled. To enable this feature, we need to connect to SharePoint using Windows PowerShell and then run set-spotenant -DisableCustomAppAuthentication $false.

    Install-Module -Name Microsoft.Online.SharePoint.PowerShell  
    $adminUPN="<the full email address of a SharePoint administrator account, example: jdoe@contosotoycompany.onmicrosoft.com>"  
    $orgName="<name of your Office 365 organization, example: contosotoycompany>"  
    $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."  
    Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential  
    set-spotenant -DisableCustomAppAuthentication $false  
    

    Afterward, run https://<<domain>>/sites/<<site name>>/_layouts/15/appinv.aspx to grant permission


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


    12 people found this answer helpful.

  2. Anand Khond 10 Reputation points
    2023-02-22T11:28:34.7466667+00:00

    Any other way to solve this issue? I don't have admin access neither I can get it.

    2 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.