I have been plunking away at trying to download a secure file from our company’s secure SharePoint.

I have performed the following steps, and I still receive an AudienceUriValidationFailedException when trying to download.

See below for my process.

I am in desperate need of some pointers. Did I miss a step? Am I forgetting something? Using the wrong client secret?

Thanks in advance!

  • Batista
  1. I created an app registration on the Azure portal.

  2. I created a client secret under the registered app

  3. I add the application to my company SharePoint using the "https://[COMPANY NAME]-admin.sharepoint.com/_layouts/15/appinv.aspx". I use the "Application (client) ID" string from the Azure app registration. I click the "Lookup" button, and the Title field auto-populates.

  4. I click "create", and then "trust it"

  5. Using Postman, I used a POST request to get an access token.

     • The content in red is taken from "Directory (tenant) ID"
     • The orange is from "Application (client) ID"
     • The green is from the "Value" column of the secret I created in step 2

  6. I use the token it returns to download the file from the SharePoint

2 Answers


  1. The error AudienceUriValidationFailedException occurred because you generated an access token for Microsoft Graph and used it to run SharePoint requests.

    To resolve the error, use the Graph API query below to download the file from the site:

    GET https://graph.microsoft.com/v1.0/sites/<siteID>/drives/<doclib driveID>/root/children/<filename>
    

    I have one document library with a logo.jpg file in my SharePoint site, like below:

    To download this file via the REST API using a bearer token, I registered one Azure AD application and added API permissions as below:

    Now I generated an access token via Postman with the parameters below:

    POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
    client_id:appID
    client_secret:secret
    scope: https://graph.microsoft.com/.default
    grant_type:client_credentials
    

    Response:

    I used this token to run the Graph query below and got the file download link of logo.jpg in the response, like this:

    GET https://graph.microsoft.com/v1.0/sites/<siteID>/drives/<doclib driveID>/root/children/<filename>
    

    Response:

    When I ran the downloadUrl from the response in a browser, the file downloaded successfully, like below:

    You can use the Graph query below to get the ID of your site:

    GET https://graph.microsoft.com/v1.0/sites/root:/sites/<sitename>
    

    Response:

    Similarly, you can use the query below to get the drive ID of the document library:

    GET https://graph.microsoft.com/v1.0/sites/<siteID_from_above_response>/drives
    

    Response:

  2. If you’re going to use the SharePoint REST API, in the get-token step use the scope https://<tenantname>.sharepoint.com/.default. This should fix your issue for the current configuration, and you’ll be able to use the SharePoint REST API (docs).

    But if you want to use the Graph API (where the scope is the one you have in the screenshot in step 5) (docs), instead of steps 3 and 4 you should add permissions to your app registered in Azure AD > API Permissions > Application > Microsoft Graph API > select the specific permissions you may need (user.read, mail.read, file.readwrite, etc.).

    You may also use the Delegated level of permissions, but in this case the way to get the access token is different, not client_credentials.
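
Both answers come down to the token's audience not matching the API being called. The sketch below is an added example, not code from either answer: it decodes a token's `aud` claim locally and compares it with the host of the request. The function names, the `contoso.sharepoint.com` host and the sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (troubleshooting only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_audience(token: str, request_url: str) -> dict:
    """Compare the token's aud claim with the host the request will be sent to."""
    aud = str(jwt_claims(token).get("aud", ""))
    target = (urlsplit(request_url).hostname or "").lower()
    # aud is either a resource URL or an application ID GUID; only the URL
    # form can be compared by host, so a GUID yields match=None (undetermined).
    aud_host = (urlsplit(aud).hostname or "").lower() if "://" in aud else ""
    return {
        "aud": aud,
        "target_host": target,
        "match": (aud_host == target) if aud_host else None,
        # Scope to request in the client_credentials call for this API.
        "scope_for_target": f"https://{target}/.default",
    }


def make_sample_token(aud: str) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': aud})}.constructed"


if __name__ == "__main__":
    graph_token = make_sample_token("https://graph.microsoft.com")
    # contoso.sharepoint.com is a placeholder tenant host (assumption).
    for url in ("https://contoso.sharepoint.com/sites/demo/_api/web/lists",
                "https://graph.microsoft.com/v1.0/sites/root"):
        print(url, "->", check_audience(graph_token, url))
```

An access token is a bearer credential, so run a check like this locally instead of pasting the token into an online decoder.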
