Reputation: 11
I'm trying to create a webhook subscription for a SharePoint list using the SharePoint API. Following the Microsoft documentation and this guide on using Azure Functions, I am encountering an issue when making a POST request to the /subscriptions endpoint in Postman.
Steps for Obtaining a Delegated Token in Postman:
Authorization Tab:
Auth Type: OAuth 2.0
Auth URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
Client ID: Your app's client ID
Client Secret: Your app's client secret
Scope: Sites.ReadWrite.All (or other required scopes)
Grant Type: Authorization Code
Callback URL: Set the redirect URI configured in the Azure portal
Get New Access Token:
Log in with the user account when redirected to the Microsoft login page. Postman captures the token.
Use the Token:
The token is set in the Authorization header for the request as Bearer {Token}.
Issue: I'm making a POST request to the SharePoint API using the following payload:
{
"resource": "https://{tenant}.sharepoint.com/_api/web/lists('{list_id}')",
"notificationUrl": "https://{your_function_app}.azurewebsites.net/api/HttpTrigger?code={code}",
"expirationDateTime": "2024-12-04T23:59:59.000Z",
"clientState": "{your_client_state}"
}
However, I receive the following error:
{
"error_description": "Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."
}
What I Have Tried:
What I Am Expecting: I expect to successfully create a webhook subscription for the SharePoint list without encountering the AudienceUriValidationFailedException error.
Upvotes: 1
Views: 161
Reputation: 8694
If you are using the client credential flow to generate an access token in app-only scenarios, SharePoint accepts only access tokens requested with a client certificate, not a client secret. Refer to MsDoc.
If you prefer to use the client credential flow and call the SharePoint REST API, generate a self-signed certificate and follow the steps mentioned in the GitHub article to generate the access token.
I have followed the steps below to create a webhook subscription for a SharePoint list using the SharePoint API.
Created a function app and generated the webhook URL:
https://functionapp.azurewebsites.net/api/HttpTrigger1?code={code}
Created AD Application and granted Delegated permission to access sites through SharePoint => Delegated Permissions => AllSites.FullControl
I have used the parameters below to generate the access token:
Grant Type : Authorization Code
Callback URL : Enable Authorize using browser (or) use redirect_uri
Auth URL : https://login.microsoftonline.com/{tenant_id}/oauth2/authorize?resource=https://{TENANT}.sharepoint.com
Access Token URL : https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
Client ID : CLIENTID
Client Secret : ClientSecret
Scope : https://TENANT.sharepoint.com/.default
App => Authentication => Redirect URI
Click on Generate New Access token:
The access token is generated as below; click on Use token to be able to run the query to create the webhook subscription.
I have used the query below to create the subscription using the SharePoint API:
POST https://TENANT.sharepoint.com/_api/web/lists('list_id')/subscriptions
Response:
<?xml version="1.0" encoding="utf-8"?>
<entry xml:base="https://TENANT.sharepoint.com/_api/" xmlns="http://www.w3.org/2005/Atom" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:georss="http://www.georss.org/georss" xmlns:gml="http://www.opengis.net/gml">
<id>https://TENANT.sharepoint.com/_api/web/lists('list-id')/subscriptions</id>
<category term="Microsoft.SharePoint.Webhooks.Subscription" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" />
<link rel="edit" href="web/lists('d42361bc-546f-458e-bee6-2a5943d62396')/subscriptions" />
<title />
<updated>2024-08-21T12:03:57Z</updated>
<author>
<name />
</author>
<content type="application/xml">
<m:properties>
<d:clientState>secretClientState</d:clientState>
<d:expirationDateTime m:type="Edm.DateTime">2024-08-22T17:17:57Z</d:expirationDateTime>
<d:id m:type="Edm.Guid">79691e5f-3XXXX80fb0c3598</d:id>
<d:notificationUrl>https://kpfunc21.azurewebsites.net/api/HttpTrigger1?code={code}</d:notificationUrl>
<d:resource>d42361bc-XXXXX-458e-bee6-2a5943d62396</d:resource>
<d:resourceData m:null="true" />
<d:scenarios m:null="true" />
</m:properties>
</content>
</entry>
Upvotes: 0
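A claims check for the two failure modes discussed in this thread (the AudienceUriValidationFailedException in the question, and app-only tokens obtained with a client secret in the answer), as an added example that is not part of either post. The function names, the tenant name contoso and the sample tokens are constructed; it assumes SharePoint expects the token's aud claim to be the tenant's SharePoint origin, and it only decodes claims without verifying the signature.

```javascript
// Added example. Decodes claims only; it does NOT verify the token signature.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected a 3-segment compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

const norm = (u) => String(u || '').replace(/\/+$/, '').toLowerCase();

// Returns a list of problems; an empty list means the claims look usable.
// Assumption: SharePoint expects aud to be the tenant's SharePoint origin.
function checkSharePointToken(token, sharePointOrigin) {
  const c = decodeJwtPayload(token);
  const problems = [];
  if (norm(c.aud) !== norm(sharePointOrigin)) {
    problems.push(`audience mismatch: aud=${c.aud}, expected ${sharePointOrigin}`);
  }
  if (c.scp) return problems; // delegated (user) token: scopes are in scp
  if (!c.roles) {
    problems.push('token has neither scp nor roles');
    return problems;
  }
  // App-only token: appidacr (v1) / azpacr (v2) is "1" for a client secret,
  // "2" for a client certificate.
  const acr = c.appidacr !== undefined ? c.appidacr : c.azpacr;
  if (String(acr) !== '2') {
    problems.push('app-only token was not obtained with a client certificate');
  }
  return problems;
}

// Constructed sample tokens (unsigned, hypothetical tenant "contoso").
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed`;
}

const ORIGIN = 'https://contoso.sharepoint.com';
const samples = {
  graphScoped: makeSampleToken({ aud: 'https://graph.microsoft.com', scp: 'Sites.ReadWrite.All' }),
  delegated: makeSampleToken({ aud: ORIGIN, scp: 'AllSites.FullControl' }),
  appSecret: makeSampleToken({ aud: ORIGIN, roles: ['Sites.FullControl.All'], appidacr: '1' }),
};
for (const [name, tok] of Object.entries(samples)) {
  console.log(name, checkSharePointToken(tok, ORIGIN));
}
```

Paste a real token from Postman in place of a sample to see which claim SharePoint would object to before sending the subscription request.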