Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
It works after adding V2.0 in /oauth2/v2.0/token
Microsoft Graph API error: Access token validation failure. Invalid audience.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 21%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MelData
56
Reputation points
We have registered the app in AAD and granted the following permission to Microsoft Graph under API permissions in Azure portal
After passed in tenant id, client id, client secret.
we generated an access token
When I call the users API endpoint, I got an Invalid audience error as below:
Can anyone please point me where the issue is. thank you. I am not sure about resource: "00000002-0000-0000-c000-000000000000"
Microsoft Security | Microsoft Graph
3 answers
Sort by: Most helpful
-
MelData 56 Reputation points
2022-09-05T09:23:43.423+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 88%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
-
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 3%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
James Bell 1 Reputation point2025-02-03T16:53:18.79+00:00 This suggestion holds up, even after 2 years. Excellent suggestion. "Invalid Audience" is resolved by specifying the correct version in the token URL
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 78%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
arash ramez 0 Reputation points2025-01-08T12:36:51.59+00:00 You should get access token from version 2 of token endpoint as below example
curl --location 'https://login.microsoftonline.com/xxxxxxx-xxxxx-xxxxx-xxxxx/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={Client-ID-HERE}' \
--data-urlencode 'client_secret={CLIENT-SECRET_HERE}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=https://graph.microsoft.com/.default'
-
Vasil Michev 126.1K Reputation points MVP Volunteer Moderator2022-09-04T14:02:33.483+00:00 First of all, you are using the client credentials flow - this requires Application permissions, not Delegate ones. To understand the difference between the two types and decide which one is more appropriate for your scenario, read here: https://learn.microsoft.com/en-us/graph/auth/auth-concepts#delegated-and-application-permissions
Moreover, the method you seem to be using corresponds to the old Azure AD Graph API, not the Microsoft Graph one (audience/resource should be "00000003-0000-0000-c000-000000000000").-
MelData 56 Reputation points
2022-09-05T00:25:12.607+00:00 Thanks for your reply.
We will try API permission and see. However, the access token was generated successfully? Not quite sure why it returns an older Azure AD Graph API. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 80%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Finazzo, Michael 0 Reputation points2025-09-05T12:47:02.59+00:00 How did you setup your connection to ensure the correct resource is pulled back.
(audience/resource should be "00000003-0000-0000-c000-000000000000")
Sign in to comment -