Forum Discussion
Thank you for your response, couple things that we found along the way.
- in order to authorize i had to remove the /v2.0 from both auth endpoint and token endpoint. this doesn’t make sense because we do see these endpoints in azure .
- even after i get the access token if i try to get the users entity or groups i am getting an error in the pipeline. “Failure: HTTP Response Code:401; Response Message: Access token validation failure. Invalid audience., Reason: InvalidAuthenticationToken, Resolution: Check your refresh token, access token, and account settings.”
- is there a way to capture the access token information from the Rest get???
It looks like you might be using an API that’s not a part of the Microsoft Graph API selection, but for authorization, it might be helpful to run through this document from Microsoft on the v2 auth service, there’s a step in there for providing admin consent (which might be required with a client_credentials workflow) and you’d then have to register a redirect_uri (you could use localhost as that URL would redirect within your browser itself). All of these messages, like “InvalidAuthenticationToken” and “Access token validation failure. Invalid audience.” are coming from the response from microsoft directly, so it specifically doesn’t like something about your access token. One option would be to use postman or another tool to try out exactly the steps that you need to do, we don’t expose access tokens for security reasons, but you COULD make simply a REST POST that gets an access token back from the endpoint (without an account) since this is client_credentials oauth. There’s also a stackoverflow post that points out the full entire scope to use, that might also be an issue.