Question 137381 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – Download File from Secure Sharepoint using Rest API – AudienceUriValidationFailedException

I have been plunking away at trying to download a secure file from our company’s secure Sharepoint.

I have performed the following steps, and I still receive a AudienceUriValidationFailedException when trying to download.

See below for my process.

I am in desperate need of some pointers. Did I miss a step? Am I forgetting something? Using the wrong client secret?

Thanks in advance!

  • Batista

  1. I created an app registration on the Azure portal.

  2. I created a client secret under the registered app

  3. I add the application to my company SharePoint using the "https://[COMPANY NAME]-admin.sharepoint.com/_layouts/15/appinv.aspx". I use the "Application (client) ID" string from the Azure app registration. I click the "Lookup" button, and the Title field auto-populates.

  4. I click "create", and then "trust it"

  5. Using postman, I used a post request to get an access token.

  • The content in red is taken from "Directory (tenat) ID"
  • The orange is from "Application (client) ID"
  • The green is from the "Value" column of the secret I created in step 2
  1. I use the token it returns to download the file from the SharePoint
Tags:

2

Answers


  1. 0

    The error AudienceUriValidationFailedException occured as you generated access token for Microsoft graph and used it in running SharePoint requests.

    To resolve the error, make use of below Graph API query to download file from site:

    GET https://graph.microsoft.com/v1.0/sites/<siteID>/drives/<doclib driveID>/root/children/<filename>

    I have one document library with logo.jpg file in my SharePoint site like below:

    enter image description here

    To download this file via REST API using bearer token, I registered one Azure AD application and added API permissions as below:

    enter image description here

    Now I generated access token via Postman with below parameters:

    POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
client_id:appID
client_secret:secret
scope: https://graph.microsoft.com/.default
grant_type:client_credentials

    Response:

    enter image description here

    I used this token in running below Graph query and got file download link of logo.jpg in response like this:

    GET https://graph.microsoft.com/v1.0/sites/<siteID>/drives/<doclib driveID>/root/children/<filename>

    Response:

    enter image description here

    When I ran downloadUrl from response in browser, file downloaded successfully like below:

    enter image description here

    You can make use of below graph query to get ID of your site:

    GET https://graph.microsoft.com/v1.0/sites/root:/sites/<sitename>

    Response:

    enter image description here

    Similarly, you can use below query to get drive ID of document library:

    GET https://graph.microsoft.com/v1.0/sites/<siteID_from_above_response>/drives

    Response:

    enter image description here

    Login or Signup to reply.
  2. 0

    If you’re going to use Sharepoint REST API, in get token step use scope https://<tenantname>.sharepoint.com/.default. This should fix your issue for the current configuration, and you’ll be able to use Sharepoint REST API (docs).

    But if you want to use Graph API (where scope is that one you have in screenshot in step 5) (docs), instead of step 3,4 you should add to your app registered in Azure AD > API Permissions > Application > Microsoft Graph API > select specific permissions you may need (user.read, mail.read, file.readwrite etc)

    you may also use Delegated level of permissions, but in this case the way of get access token is different, not client_credentials

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search