question

ChrisClum-8520 avatar image
0 Votes"
ChrisClum-8520 asked MichaelHan-MSFT answered

SharePoint Add-In - Failure to acquire App-Only token

I have a SharePoint Add-In application that has been running for fine for a while with on coding changes and yesterday an error suddenly started to happen when attempting to get an app-only token:

Exception: Token request failed.
Inner Exception: The remote server returned an error: (401) Unauthorized.

The client ID/secret doesn't expire until next year. The application is running on .Net 4.7.2 and should be using TLS 1.2.

What could be the problem?

office-sharepoint-online
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelHan-MSFT avatar image
1 Vote"
MichaelHan-MSFT answered

@ChrisClum-8520,

The same issue was discussed here: https://github.com/pnp/pnpframework/issues/336. Windows 2012 R2 and worked intermittently.

Make sure the server supports one of supported cyphers:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA38

  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256



If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelHan-MSFT avatar image
0 Votes"
MichaelHan-MSFT answered ChrisClum-8520 commented

Hi @ChrisClum-8520,

This could be that the SharePoint app-only permissions is disabled for you tenant. You could check it with this command: get-spotenant | select DisableCustomAppAuthentication

And you could run the below cmdlet to enable it: Set-SPOTenant -DisableCustomAppAuthentication $false


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Michael - I verified with my admin the DisableCustomAppAuthentication is set correctly. We even set it to $true, waited 30 minutes, and set it back to $false. This didn't help. However, the article you posted is very helpful. I'm looking into it now. I was bit by the TLS 1.2 change a couple weeks ago. I updated the application to .Net 4.7.2 and it was working fine. It it running on Windows 2012 R2 and I suspect I'll find the wrong ciphers being used. What is quite odd is that it will work intermittently.

0 Votes 0 ·