"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."

Question

we are trying to access a sharepoint api securely using azure oauth2. we got the bearer token but while accessing sharepoint rest api, we are getting Status code: 401 Unauthorized and Response: {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

1. We have registered a client application in azure AD a. Defined redirect uri in authentication b. Mapped access roles to service user account c. Defined client secret d. Defined API permissions and admin consent has been provided

Token Endpoint: https://login.microsoftonline.com/66395830-4e70-4a10-8f30-225fe9afd23b/oauth2/v2.0/token

Method: POST Body parameters: scope:https://66395830-4e70-4a10-8f30-225fe9afd23b.sharepoint.com/.default redirect_uri:https://cscglobal.sharepoint.com/teams/uatCLSService/BusinessLicense/KB/_api/Web/lists grant_type:client_credentials ( note: we have also tried with password and authorization_code values by passing respective parameters ) client_secret:XXXXXX client_id:XXXXX

Answer 1

I think you may set the scope in a wrong way. As far as I know, it should be https://yourSite.sharepoint.com/.default or detailed scope, such as: https://yourSite.sharepoint.com/Sites.ReadWrite.All

And now it is suggested to use Microsoft Graph API to manage your sharepoint site.

It provides a unified programmability model that you can use to access the tremendous amount of data in Office 365, Windows 10, and Enterprise Mobility + Security.