I need help with this error. I am getting: "message": "Access token validation failure. Invalid audience."

I am using the authorisation code grant type in OAuth. I have mapped custom claims to the app using an Azure AD policy. So if I use scope = AppId/.default then I get the custom claim in the token, plus the scopes the app has API permissions for on Azure AD, such as user.read and directory.read. But with this token, when I call the Graph API for a user's profile to see their group memberships ("https://graph.microsoft.com/v1.0/me/memberOf"), I get the error "Invalid audience".

However, if I use scope = https://graph.microsoft.com/.default then I am able to query, though the custom claim which is mapped to the app does not come up.

Any help would be appreciated.


Best Answer


Tokens can only have one audience, which controls which API they grant access to. The token for your app/API cannot be used for Graph. It isn't clear what your exact scenario is here, but if you're calling Graph from your app/API, you may want to look at the on-behalf-of flow to exchange your first token for a Graph token.

Access token validation failure occurs when the access token provided is not valid. This error often happens due to an invalid audience. An audience is a parameter that specifies the intended recipient of the access token. If the audience is incorrect or doesn't match the expected value, the validation will fail.

To resolve this issue, you need to ensure that the audience parameter is correctly set when generating the access token. Double-check the configuration and make sure the audience matches the intended recipient. If you are using a third-party authentication service, ensure that the audience value is correctly configured in both the authentication provider and your application.

Another possible cause of this error is when the access token has expired. Access tokens usually have an expiration time, and if the token is used after it has expired, the validation will fail. In this case, you need to obtain a new access token by going through the authentication process again.

If you are experiencing access token validation failure with an API or service, it is recommended to check the documentation or contact the provider for specific troubleshooting steps. They may have additional guidelines or recommendations to address this issue.
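An added example (not part of the question or the answer above) showing the two points the answer makes: a token carries one audience, so a token minted for your own app/API is rejected by Graph, and the on-behalf-of flow is how an API exchanges that token for one whose audience is Graph. The code inspects the `aud` and `scp` claims of a JWT for diagnosis, and builds the form body of an Azure AD on-behalf-of request. The tokens are constructed samples with a placeholder signature; the app id `api://00000000-0000-0000-0000-000000000001`, the client id and the client secret are made-up values. The Graph audience strings are the well-known ones from the Microsoft identity platform documentation.

```python
import base64
import json

# Audience values Microsoft Graph accepts in an access token (well-known values;
# the GUID is the Graph application id in every tenant)
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

# Grant type used by the Azure AD on-behalf-of flow
OBO_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.
    Use this only to diagnose which audience a token was issued for; an API that
    accepts tokens must validate signature, issuer, expiry and audience first."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def audience_check(token: str, accepted: set) -> tuple:
    """Return (ok, aud, scp): ok is True only if the token's aud is in `accepted`.
    Running this on the 'AppId/.default' token explains the Graph error: its aud
    is the app itself, not Graph, regardless of which scopes it lists."""
    claims = jwt_claims(token)
    aud = claims.get("aud")
    scp = claims.get("scp", "")
    return (aud in accepted, aud, scp)


def obo_request_body(client_id: str, client_secret: str, incoming_token: str,
                     scope: str = "https://graph.microsoft.com/.default") -> dict:
    """Form fields for the on-behalf-of request an API POSTs to its tenant's
    /oauth2/v2.0/token endpoint. The incoming token (aud = this API) is the
    assertion; the response token has aud = Graph and can call /me/memberOf."""
    return {
        "grant_type": OBO_GRANT_TYPE,
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": incoming_token,
        "scope": scope,
        "requested_token_use": "on_behalf_of",
    }


def make_sample_token(claims: dict) -> str:
    """Constructed sample token for illustration: real header and payload
    encoding, but a placeholder where the RS256 signature would be."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature-placeholder"


# Constructed sample: token requested with scope = AppId/.default. The custom
# claim is present, but aud is the app id, so Graph rejects it.
APP_TOKEN = make_sample_token({
    "aud": "api://00000000-0000-0000-0000-000000000001",
    "scp": "access_as_user",
    "custom_claim": "mapped-by-policy",
})

# Constructed sample: token requested with scope = https://graph.microsoft.com/.default.
GRAPH_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "scp": "User.Read Directory.Read.All",
})


if __name__ == "__main__":
    for name, tok in (("AppId/.default token", APP_TOKEN), ("Graph/.default token", GRAPH_TOKEN)):
        ok, aud, scp = audience_check(tok, GRAPH_AUDIENCES)
        print(f"{name}: aud={aud!r} scp={scp!r} usable for Graph: {ok}")
    body = obo_request_body("client-id-placeholder", "client-secret-placeholder", APP_TOKEN)
    print("OBO request fields:", sorted(body))
```

The first token fails the audience check even though it carries the custom claim, which is exactly the "Invalid audience" response; the second passes but, as the answer says, was issued for Graph and so does not carry claims mapped to your own app. An API that needs both keeps the first token for its own authorization and exchanges it via `obo_request_body` for the Graph call.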