'InvalidAuthenticationToken. Access token validation failure. Invalid audience

I am using client credentials flow of OAuth 2.0 client credentials grant. I have given the necessary permission Calendars.ReadWrite in my Azure application, which is needed for the api endpoint 'https://graph.microsoft.com/v1.0/me/events'. I am able to get the token from Servicenow using the api '/{tenant}/oauth2/v2.0/token' and passing the scope as myappURI/.default. But while using the token for the posting an event using the api 'https://graph.microsoft.com/v1.0/me/events' I get 'Code:InvalidAuthenticationToken. Message:Access token validation failure. Invalid audience' error. Any help on this will be much appreciated.

microsoft-graph-apimicrosoft-graph-teamsmicrosoft-graph-calendar


Solution 1:[1]

You need to send https://graph.microsoft.com/.default for the scope.

4. Get an access token:

You specify the pre-configured permissions by passing https://graph.microsoft.com/.default as the value for the scope parameter in the token request. See the scope parameter description in the token request below for details.

https://docs.microsoft.com/en-us/graph/auth-v2-service

Solution 2:[2]

In my case I was sending the ID Token instead of the Access Token.

  • ID tokens are meant to be read by the OAuth client.
  • Access tokens are meant to be read by the resource server.
  • ID tokens are JWTs. Access tokens can be JWTs but may also be a random string.
  • ID tokens should never be sent to an API. Access tokens should never be read by the client.

Source: https://oauth.net/id-tokens-vs-access-tokens/

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Guilherme Flores
Solution 2 swissbuechi

Related Questions