I am trying to pull SharePoint list details using the REST API from my Angular code. I am getting the error "ID4183: The Security Token failed Audience restriction validation." in the API response.

I googled about this and could not find any useful info.

If you can share any details on how to fix this error or throw some tips, it would be greatly helpful to me.

First I am calling an API to get token details. Using this token, I call a different API which is supposed to return SharePoint list details.

This is working fine when I try in Postman. However, when I try the code below as part of my Angular application, I am getting the error "ID4183: The Security Token failed Audience restriction validation.".

    //Approach 2
    var token_url = 'https://accounts.accesscontrol.windows.net/b9b831a9-6c10-40bf-86f3-489ed83c81e8/oauth2/token';
    var form2 = {
        resource: "00000003-0000-0ff1-ce00-000000000000/<company name>.sharepoint.com@b9b831a9-6c10-40bf-86f3-489ed83c81e8",
        grant_type: "client_credentials",
        client_id: "e4a6866e-1bea-46c0-a1dd-502660ad3291",
        client_secret: "A*2uZV[*:srCH94e0-kcvoq[i@TRz4dO"
    };
    console.log('Form 2', $httpParamSerializerJQLike(form2));

    var token;
    $http({
        method: "post",
        url: token_url,
        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
        data: $httpParamSerializerJQLike(form2)
    }).then(function (response) {
        console.log('In success', response);
        token = response.data.access_token;
        console.log('Token is ', token);

        //Pull Sharepoint data
        console.log('Calling API to pull sharepoint list data');
        $http({
            method: 'get',
            url: "https://<company name>.sharepoint.com/teams/EIMGDS/_api/web/lists/GetByTitle('Useful%20Links')/items",
            headers: {
                'Accept': 'application/json; odata=nometadata',
                'Authorization': 'Bearer '+token
            }
        }).then(function (response) {
            console.log('List success', response);
        },
        function (response) {
            console.log('Error in pulling List', response);
        });
    },
    function (response) {
        console.log('Error in loadFile', response);
    });

I expect a JSON output with SharePoint list details.

However, I am receiving the error "ID4183: The Security Token failed Audience restriction validation.".

Kiriti

1 Answer

Please try to open the access token with a JWT decoder to verify that the audience is what you are expecting (I used an online JWT decoder to do so; the parameter to look for under the payload is aud). https://jwt.io/

Change 'resource' to the correct URL that you are trying to access and try again. If it is not working, check 'API permissions' and verify that the Microsoft Graph permissions (Delegated: Directory.Read.All, Sites.Read.All and perhaps User.Read) are granted.

The following were helpful in solving the same error as described in this question: Invalid Audience URI error Service to Service application, onedrive for business

"I eventually found the AAD permission which is required to be able to call the ALM APIs: Office 365 SharePoint Online > Delegated Permissions > Have full control of all site collections (this is mandatory) Windows Azure Active Directory > Delegated Permissions > Access the directory as the signed-in user (not sure if this one is mandatory)"

and

https://github.com/SharePoint/sp-dev-docs/issues/1828

"... I use OneDrive for business API (and not office 365 management API) to download\upload files, This means the resource parameter you provide while retrieving access token should be:

https://[tenant redacted]-my.sharepoint.com

..."

aalesund
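The `aud` check suggested in the answer can also be done locally, so the bearer token never leaves the machine. The following is an added example for Node.js, not code from the question or the answer. The function names, the `contoso` hosts and the sample token are constructed, and the two `aud` shapes it parses are assumptions based on the `resource` strings quoted on this page.

```javascript
// Added example. Decodes a JWT payload locally; it does NOT verify the signature.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated JWT segments');
  // base64url -> base64, then restore the stripped padding
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Assumption: aud is either "<principal>/<host>@<realm>" (the shape of the
// `resource` value in the question) or a plain URL such as "https://<host>".
function audienceHost(aud) {
  const m = /^[^\/@]+\/([^@]+)@.+$/.exec(aud);
  if (m) return m[1].toLowerCase();
  try { return new URL(aud).host.toLowerCase(); } catch (e) { return null; }
}

// Compare the token's audience host(s) with the host of the API being called.
function checkAudience(token, apiUrl) {
  const payload = decodeJwtPayload(token);
  const auds = [].concat(payload.aud || []); // aud may be a string or an array
  const wanted = new URL(apiUrl).host.toLowerCase();
  return { aud: auds, wanted: wanted, match: auds.map(audienceHost).includes(wanted) };
}

// Constructed, unsigned sample token for the demo (not a real token).
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none', typ: 'JWT' }) + '.' + enc(payload) + '.sig';
}

// Token issued for the OneDrive host, but sent to the team-site host.
const api = 'https://contoso.sharepoint.com/teams/demo/_api/web/lists';
const sample = makeSampleToken({ aud: 'https://contoso-my.sharepoint.com' });
console.log(checkAudience(sample, api));
```

A `match` of `false` means the token was issued for a different resource than the one in the request URL, which is the condition the ID4183 message describes.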