Reputation: 1
Not able to access Microsoft Graph Api using OAuth Access token
I am trying to access Microsoft Graph Api for my OneDrive Business account. I have created an app in Azure Directory. I am able to authenticate, I am getting an access token but when trying to use that access token and use this api https://graph.microsoft.com/v1.0/me. I am getting this error : "Access token validation failure. Invalid audience." I dont know if I am missing any permission to access Graph APi?
Upvotes: 0
Views: 1436
Answers (1)
Reputation: 10831
According to Resolve Microsoft Graph authorization errors - Microsoft Graph | Microsoft Docs
API services like Microsoft Graph check that the aud claim (audience) in the received access token matches the value it expects for itself, and if not, it results in a 403 Forbidden error. A common mistake that causes in this error is trying to use a token acquired for Azure AD Graph APIs, Outlook APIs, or SharePoint/OneDrive APIs to call Microsoft Graph (or vice versa). Ensure that the
resource (or scope)yourapp is acquiring a token for matches the API that the app iscalling.
As your error message says, your token audience is invalid ,you must have set wrong scope when requesting the token.Please check the aud claim as commented in https://jwt.ms . Try to set the scope to https://graph.microsoft.com/.default in authentication request and give delegated and application permissions under Microsoft apis> Microsoft graph and grant admin consent to the api. etc . The api call only supports delegated permissions, so you can't use the client credential flow to get the token. For the /me endpoint, the user needs to log in, so you need Use auth code flow to obtain an access token.
Calling /me end point requires delegated permissions.
And calling one drive api from that also requires another additional permissions for different activity.
You can make use of Graph Explorerto see the permissions required and according grant admin consent for the same through explorer itself or through portal.
If still error remains , please change the accesstokenacceptedversion to 2 if it is null or 1 or vice versa. And try again.
Upvotes: 0
Related Questions
- Microsoft graph return "access token is empty"
- Authorization_IdentityNotFound Error while accessing graph API
- How to authenticate to personal OneDrive with Graph REST API
- Interact with OneDrive through Microsoft Graph API using Access Token
- Microsoft Graph. Access OneDrive with application own identity
- Not able to get access_token for Microsoft Graph API OAuth 2.0 using username & password
- Onedrive API rejects access token (CompactToken parsing failed with error code: 8004920A)
- OneDrive Microsoft Graph error : Token contains invalid signature
- MS Graph API: invalid authentication token
- Microsoft Graph OAuth issues