I am trying to access Microsoft Graph Api for my OneDrive Business account. I have created an app in Azure Directory. I am able to authenticate, I am getting an access token but when trying to use that access token and use this api https://graph.microsoft.com/v1.0/me. I am getting this error : "Access token validation failure. Invalid audience." I dont know if I am missing any permission to access Graph APi?
Not able to access Microsoft Graph Api using OAuth Access token
1k views Asked by Vishesh Aalwani At
1
There are 1 answers
Related Questions in OAUTH
- Lambda endpoint for the Google OAuth callback does not recieve the access_token
- Miro oauth api throws error 401 Invalid authorization code
- Error from Identity Provider - OIDC Scope Error
- get refresh token in axios interceptor
- How would single sign-on work for my multi-tenant application?
- How to get OAuth2 Access token from Postman
- How to use Oauth in order to log‑in on .googleapis.com on almost any arbitrary endpoints domains from the web browser?
- How to fix common 500 internal server error when use POST method on NEXTJS
- How to use a different account for OAuth with dbt-core and profiles.yml?
- ASP.NET Core Google external login issue
- Implementing IDP Initiated Flow Using OIDC
- Migration of UseOAuthAuthorizationServer from .Net Framework to .Net8
- Django Allauth Bad Request Error, Error Retrieving Access Token: Invalid Grant
- angular oauth 2 oidc doesn't work with github idp
- Handling oauth in flutter app without browser
Related Questions in AZURE-ACTIVE-DIRECTORY
- How to authenticate only Local and Guest users in Azure AD B2C and add custom claims in token?
- Microsoft Entra ID - How to delete a tenant?
- Azure AD guest account in web app authentication user claims data
- Handling errors in MSAL Redirect - reactjs login with microsoft sso
- Azure Cross Cloud Auth using AAD
- Get id token from the access token
- Microsoft Identity does not work in docker desktop
- how to get refresh token in msal-browser Azure AD B2C login?
- Local DX for service-to-service authentication based on Managed Identities in Azure
- How can I add an identity provider to an existing user in an AWS Cognito user pool using the OIDC protocol?
- Azure B2C MFA custom policy flow 'try another way'
- How can I protect an Java Spring boot API against Azure AD B2C if I only have an id_token?
- Is there any way to get a new Azure CLI token without logging out?
- Code a Delegated Permission in Azure Powershell
- Service Principals I create are not being created as mine
Related Questions in MICROSOFT-GRAPH-API
- Teams tab application returns SSO error in mobile Outlook
- Implementing Incremental consent when using both application and delegated permissions
- Issue uploading files in spring boot java to onedrive using API
- Validating Access Token in ASP.NET Core Web API project
- MS Graph API Error 504: Timeout when send large data (Java Sdk 5.80.0)
- Why does the API getTeamsTeamActivityDetail has missing data?
- .NET 8 DownstreamAPI not authenticating
- Inquiry Regarding Feasibility of Fetching User login hours(In numbers) Status from Teams for SPFx Integration
- MS Graph .net SDK cannot expand calendar event SingleValueExtendedProperties
- How to disable cached responses from node fetch? (Microsoft Bookings API)
- Build self service Microsoft Partner Center portal using Graph API ( web app )
- Adding skiptoken to query parameters for graph api v5 requests
- OneDrive download link to a direct link not working, auth requested
- Microsoft Teams, Graph API, send message to channel InsufficientPrivileges MessageWritesBlocked-Thread is not marked for import
- Microsoft graph api to get lists in a sharepoint site not listing all lists
Related Questions in ACCESS-TOKEN
- Page access token
- Error creating auth token for newly registered user in Django Rest Framework
- Handling Access Tokens and Refresh Token in an Apple Watch Companion App
- How to prevent o365 API connection from becoming invalidated from expired access token when using azure logic apps send email action
- How to secure JWT token
- Does bcp utility support Token based Authentication? If yes, I would like to know the process and which version of bcp to be used
- Rotating Gitlab's Service Account tokens with specified expiry
- how to store access token using cookie in Java spring boot?
- Will the refresh tokens issue new access token if a compromised access token is sent to the server?
- Upload data to Sharepoint from Databricks using Python
- How do I implement fine grained control to blobs in Azure Blob Storage using access tokens from Azure AD (Entra Id)?
- Symfony: get specific token info (app id) and use it inside app rights management
- Express.js with Azure Managed Identity not able to refresh access token after it expires
- How to get access token for further API calls in next-auth when you use personal server as provider in NextJs with TS?
- AttributeError: 'RefreshToken' object has no attribute 'blacklist_after'
Related Questions in ONEDRIVE
- OneDrive API Upload Large File
- Difficulty Accessing SharePoint Files in Docker Container for R Script Execution
- Error uploading file to OneDrive through CodeIgniter
- OneDrive download link to a direct link not working, auth requested
- How to get Files status from OneDrive in c# without using any APIs?
- Excel embedding through OneDrive: preview is correct, while the end result is not
- How to add a new menu item on OneDrive action menu?
- How to create a permanent download link to a OneDrive file
- Delete User OneDrive permanent and immediately
- Use sharepoint One Drive as a file share to run scripts from for powershell
- OneDrive FilePicker cannot set filter with uppercase
- Random error with CreateUploadSession + OneDrive for Business: The request is malformed or incorrect
- Onedrive has stopped creating folders
- UIDocumentPickerViewController: Cannot access file from OneDrive
- Problem sending file to server when in OneDrive
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
According to Resolve Microsoft Graph authorization errors - Microsoft Graph | Microsoft Docs
As your error message says, your token audience is invalid ,you must have set wrong scope when requesting the token.Please check the aud claim as commented in https://jwt.ms . Try to set the scope to
https://graph.microsoft.com/.defaultin authentication request and givedelegatedandapplication permissionsunder Microsoft apis> Microsoft graph andgrant admin consentto the api. etc . The api call only supports delegated permissions, so you can't use the client credential flow to get the token. For the /me endpoint, the user needs to log in, so you need Use auth code flow to obtain an access token. Calling /me end point requires delegated permissions.And calling one drive api from that also requires another additional permissions for different activity.
You can make use of Graph Explorerto see the permissions required and according grant admin consent for the same through explorer itself or through portal.
If still error remains , please change the accesstokenacceptedversion to 2 if it is null or 1 or vice versa. And try again.