question

0 Votes
WMioConnectors-6974 asked ·

Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client application

I created the OAuth app to perform SharePoint authentication. When a user with a non-Microsoft email ID (example.com) tries to authenticate on my app, the user gets "Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client application". I am using OAuth2 v1.0. Can anyone help me with how to modify this error? This question is a continuation of https://github.com/MicrosoftDocs/azure-docs/issues/49563

azure-active-directory

1 Answer

0 Votes
amanpreetsingh-msft answered ·

@WMioConnectors-6974 Try decoding your token at https://jwt.ms and check whether the audience matches the resource ID of SharePoint. If it is different, you need to update your request to include the appropriate resource ID.


Please "Accept as answer" wherever the information provided helps you to help others in the community.

· 6 ·

@amanpreetsingh-msft I am unable to generate an access token. I am getting the above error when I make the call to get the authorization code.


0 Votes 0 ·

@WMioConnectors-6974 Could you please share the request URL that starts with https://login.microsoftonline.com/yourtenant.onmicrosoft.com/oauth2...?

0 Votes 0 ·

@WMioConnectors-6974 The resource must be either the client ID of the app or, if you want to specify the resource parameter in the form of a URL, you need to Expose an API on the application and add the required scopes. The Resource URL in the request must match the Application ID URI. Please refer to the highlighted sections in the screenshot below:

4361-untitled.png

Once this is done, you need to add permissions for that API under the API permissions section of the application and grant admin consent.

0 Votes 0 ·

@amanpreetsingh-msft What will be the resource ID if we have multiple API permissions (like Graph API, custom API, SharePoint API)? In that case, how do we provide the resource ID? Also, my Application ID URI is the same as api:<client_id>, so what should we add as the resource ID for this?


0 Votes 0 ·

@WMioConnectors-6974 For different resources it should be a different token call. E.g. in the case of Graph API, the resource should be https://graph.microsoft.com/, and for a custom API it should be the Application ID or App ID URI of that application, which is api:<client_id> in your case and can be edited as well.

0 Votes 0 ·
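The two checks suggested in this thread (read the `resource` sent in the authorize request, and compare a token's `aud` claim with the resource being called) can be scripted locally instead of pasting tokens into a web page. This is an added example, not code from the thread: the client ID, token, and request URL (including its v1.0 `/oauth2/authorize` path) are constructed placeholders, and the case and trailing-slash normalisation is an assumption made for diagnostics.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

def decode_jwt_claims(token):
    """Return a JWT's claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def _norm(resource):
    # Assumption for this diagnostic: ignore case and a trailing slash.
    return resource.rstrip("/").lower()

def audience_matches(token, expected_resource):
    """True if the token's aud claim names the resource being called."""
    aud = decode_jwt_claims(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return any(isinstance(a, str) and _norm(a) == _norm(expected_resource) for a in auds)

def requested_resource(authorize_url):
    """Return the resource parameter of an authorize request URL, or None."""
    values = parse_qs(urlparse(authorize_url).query).get("resource")
    return values[0] if values else None

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: placeholder client ID, unsigned token, sample request URL.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "none", "typ": "JWT"}),
    _b64url({"aud": "https://graph.microsoft.com", "appid": CLIENT_ID}),
    "constructed-signature",
])
SAMPLE_URL = (
    "https://login.microsoftonline.com/yourtenant.onmicrosoft.com/oauth2/authorize"
    f"?client_id={CLIENT_ID}&response_type=code"
    "&resource=https%3A%2F%2Fgraph.microsoft.com%2F"
)

if __name__ == "__main__":
    resource = requested_resource(SAMPLE_URL)
    print("requested resource:", resource)
    print("token is for that resource:", audience_matches(SAMPLE_TOKEN, resource))
    # A Graph token is not valid for a custom API: that needs its own token call.
    print("token is for custom API:", audience_matches(SAMPLE_TOKEN, f"api://{CLIENT_ID}"))
```

Decoding a token this way only reads its claims; an API that accepts tokens must still validate the signature, issuer, and audience.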