Share via

Microsoft Graph API error: Access token validation failure. Invalid audience.

MelData 46 Reputation points
2022-09-04T13:01:51.96+00:00

We have registered the app in AAD and granted the following permission to Microsoft Graph under API permissions in Azure portal
237642-image.png

After passed in tenant id, client id, client secret.
237632-image.png

we generated an access token
237651-image.png

When I call the users API endpoint, I got an Invalid audience error as below:
237530-image.png

Can anyone please point me where the issue is. thank you. I am not sure about resource: "00000002-0000-0000-c000-000000000000"

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,274 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. MelData 46 Reputation points
    2022-09-05T09:23:43.423+00:00

    It works after adding V2.0 in /oauth2/v2.0/token

    9 people found this answer helpful.
  2. Vasil Michev 108.1K Reputation points MVP
    2022-09-04T14:02:33.483+00:00

    First of all, you are using the client credentials flow - this requires Application permissions, not Delegate ones. To understand the difference between the two types and decide which one is more appropriate for your scenario, read here: https://learn.microsoft.com/en-us/graph/auth/auth-concepts#delegated-and-application-permissions
    Moreover, the method you seem to be using corresponds to the old Azure AD Graph API, not the Microsoft Graph one (audience/resource should be "00000003-0000-0000-c000-000000000000").

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.