stackoom
  简体   繁体   中英

Not able to access Microsoft Graph Api using OAuth Access token

 原文  2022-01-03 13:58:41       oauth/ azure-active-directory/ microsoft-graph-api/ access-token/ onedrive

Question

I am trying to access Microsoft Graph Api for my OneDrive Business account. I have created an app in Azure Directory. I am able to authenticate, I am getting an access token but when trying to use that access token and use this api https://graph.microsoft.com/v1.0/me . I am getting this error: "Access token validation failure. Invalid audience." I dont know if I am missing any permission to access Graph APi?

1 answers

solution1
 0  2022-01-05 12:10:23

According to Resolve Microsoft Graph authorization errors - Microsoft Graph | Microsoft Docs

API services like Microsoft Graph check that the aud claim (audience) in the received access token matches the value it expects for itself, and if not, it results in a 403 Forbidden error. A common mistake that causes in this error is trying to use a token acquired for Azure AD Graph APIs, Outlook APIs, or SharePoint/OneDrive APIs to call Microsoft Graph (or vice versa). Ensure that the resource (or scope) your app is acquiring a token for matches the API that the app is calling.

As your error message says, your token audience is invalid,you must have set wrong scope when requesting the token.Please check the aud claim as commented in https://jwt.ms . Try to set the scope to https://graph.microsoft.com/.default in authentication request and give delegated and application permissions under Microsoft apis> Microsoft graph and grant admin consent to the api. etc. The api call only supports delegated permissions, so you can't use the client credential flow to get the token. For the /me endpoint, the user needs to log in, so you need Use auth code flow to obtain an access token. Calling /me end point requires delegated permissions.

在此处输入图像描述

And calling one drive api from that also requires another additional permissions for different activity.

You can make use of Graph Explorer to see the permissions required and according grant admin consent for the same through explorer itself or through portal.

在此处输入图像描述

If still error remains, please change the accesstokenacceptedversion to 2 if it is null or 1 or vice versa. And try again.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unable to access Microsoft Graph API after getting OAuth access_token Refreshing an OAuth access token for Microsoft Live API How to verify oauth token generated using Microsoft Graph API One access token for OAuth using Twitter API How to access Outlook IMAP server using OAuth tokens retrieved from Microsoft Graph API? WebApi: How to call Facebook Graph API by using an access token originated from the OAuth dialog Error trying to connect to Facebook Graph API in R using http OAuth - “An access token is required to request this resource.” Getting "Invalid OAuth access token." response for /instagram_oembed endpoint using Instagram Graph API Microsoft Graph API Returning “Access Token Validation Error” Retrieve access token for Yahoo API using OAuth 2.0 and Python requests
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM