question

SeanRiedel-0991 asked ericOnline edited

SharePoint OAuth token request failed

I have a console application that connects to a SharePoint site to retrieve some data. It uses a Client ID and Client Secret generated on the AppRegNew page for that site. The app has been granted full rights to the Site Collection. These are relatively new IDs, so they have not expired.

Recently it began failing with a "Token request failed", "Remote server returned an error: (401) Unauthorized."

We are using a commonly used TokenHelper class to retrieve the token.

We did have some older App Client IDs hanging around, so I deleted the old ones using the AppPrincipals page. However, I can still perform a lookup on them in the AppInv page, so I don't believe they are actually removed.

Is there something I can check on the SharePoint side to try and determine why this Client ID cannot request a Token successfully?

office-sharepoint-online

MichaelHan-MSFT answered

Hi @SeanRiedel-0991,

This article would be helpful: https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/provider-hosted-app-pha-application-errors-tls-errors-and-401/ba-p/2273611


You can check which TLS and ciphers are used.

Here is a similar issue: https://docs.microsoft.com/en-us/answers/questions/401398/sharepoint-add-in-failure-to-acquire-app-only-toke.html?childToView=406335#answer-406335


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.





SeanRiedel-0991 answered MichaelHan-MSFT commented

Hello,
Thank you for your response. This very well may be the issue, as my console application is running with .NET Framework 4.5.2, which is quite old.

However, as another step I have tried retrieving a valid token using Postman and see an error message. This still leads me to believe that there is a SharePoint setup issue involved.

I am requesting an OAuth 2.0 token. When I request the token, I do see a login prompt (with 2-factor authentication).

When I enter my credentials I receive the following error:

https://mycallbackUrl/default.aspx?error=access_denied&error_description=AADSTS650057%3a+Invalid+resource.+The+client+has+requested+access+to+a+resource+which+is+not+listed+in+the+requested+permissions+in+the+client%27s+application+registration.+Client+app+ID%3a+6fb73d33-59df-4a69-8b6b-299b616f2ad1(OAuthAppRenew2021).+Resource+value+from+request%3a+https%3a%2f%2fmysharepoint.sharepoint.com.+Resource+app+ID%3a+00000003-0000-0ff1-ce00-000000000000.+List+of+valid+resources+from+app+registration%3a+.%0d%0aTrace+ID%3a+dfd69934-2d9e-4580-86cf-6670994ce200%0d%0aCorrelation+ID%3a+73883dfa-ab10-4939-a5cf-d616c26a454f%0d%0aTimestamp%3a+2021-06-04+17%3a04%3a38Z#

Thank you.


Hi @SeanRiedel-0991,

Is there any update? Have you solved this issue?

If my answer helps, please click "Accept Answer" and upvote it. :)

0 Votes 0 ·
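
The AADSTS650057 redirect quoted in the post above is easier to read once decoded. This added example (not part of the original thread) parses it in Python and shows that the list of valid resources Azure AD reports for the client is empty; the field names and the comma-separated list format are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Redirect URL exactly as quoted in the post above.
REDIRECT = (
    "https://mycallbackUrl/default.aspx?error=access_denied&error_description="
    "AADSTS650057%3a+Invalid+resource.+The+client+has+requested+access+to+a+"
    "resource+which+is+not+listed+in+the+requested+permissions+in+the+client%27s+"
    "application+registration.+Client+app+ID%3a+6fb73d33-59df-4a69-8b6b-"
    "299b616f2ad1(OAuthAppRenew2021).+Resource+value+from+request%3a+https%3a%2f"
    "%2fmysharepoint.sharepoint.com.+Resource+app+ID%3a+00000003-0000-0ff1-ce00-"
    "000000000000.+List+of+valid+resources+from+app+registration%3a+.%0d%0aTrace+"
    "ID%3a+dfd69934-2d9e-4580-86cf-6670994ce200%0d%0aCorrelation+ID%3a+73883dfa-"
    "ab10-4939-a5cf-d616c26a454f%0d%0aTimestamp%3a+2021-06-04+17%3a04%3a38Z#"
)

# Output key -> pattern over the decoded description (key names are this sketch's own).
FIELDS = {
    "code": r"^(AADSTS\d+):",
    "client_app_id": r"Client app ID: ([0-9a-f-]{36})",
    "client_app_name": r"Client app ID: [0-9a-f-]{36}\(([^)]*)\)",
    "requested_resource": r"Resource value from request: (\S+?)\.\s",
    "resource_app_id": r"Resource app ID: ([0-9a-f-]{36})",
    "trace_id": r"Trace ID: (\S+)",
    "correlation_id": r"Correlation ID: (\S+)",
}

def parse_aad_error(redirect_url):
    """Decode the error redirect and pull out the fields needed for diagnosis."""
    query = parse_qs(urlsplit(redirect_url).query)  # also undoes %xx and '+'
    desc = query.get("error_description", [""])[0]
    out = {"error": query.get("error", [""])[0]}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, desc)
        out[name] = m.group(1) if m else None
    # The list may be empty, as here: nothing between ": " and the closing ".".
    # Splitting on commas is an assumption about how a non-empty list is written.
    m = re.search(r"valid resources from app registration: (.*?)\.\r?\n", desc)
    listed = m.group(1) if m else ""
    out["valid_resources"] = [r.strip() for r in listed.split(",") if r.strip()]
    return out

if __name__ == "__main__":
    for key, value in parse_aad_error(REDIRECT).items():
        print(f"{key:20} {value}")
```

The trace and correlation IDs are the values to quote when raising the failure with support.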
MichaelHan-MSFT answered MichaelHan-MSFT edited

Hi @SeanRiedel-0991,

How do you retrieve the access token using Postman?

Please try to get the access token in the following way:

 URL: https://accounts.accesscontrol.windows.net/<Tenant ID>/tokens/OAuth/2/
 grant_type: client_credentials
 client_id: <Client ID>@<Tenant ID>
 client_secret: <Client Secret>
 resource: 00000003-0000-0ff1-ce00-000000000000/<tenant>.sharepoint.com@<Tenant ID>


You could refer to this article for more: https://global-sharepoint.com/sharepoint-online/in-4-steps-access-sharepoint-online-data-using-postman-tool/

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
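
The token request from the answer above, combined with the TLS check suggested earlier in the thread, as an added Python example (not code from the thread or from Microsoft). It assumes the fields are sent as a form-encoded POST and uses hypothetical function names; the client refuses anything below TLS 1.2 and reports the protocol and cipher actually negotiated.

```python
import http.client
import ssl
from urllib.parse import urlencode

ACS_HOST = "accounts.accesscontrol.windows.net"
# Principal ID used in the "resource" field of the answer above.
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"

def build_acs_token_request(tenant_id, client_id, client_secret, sharepoint_host):
    """Return (path, form_body) for the app-only token request in the answer."""
    path = f"/{tenant_id}/tokens/OAuth/2/"
    form = {
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
        "resource": f"{SHAREPOINT_PRINCIPAL}/{sharepoint_host}@{tenant_id}",
    }
    return path, urlencode(form)  # percent-encodes '@', '/' and secret characters

def request_token(tenant_id, client_id, client_secret, sharepoint_host, timeout=15):
    """POST the request; return (tls_version, cipher_name, http_status, body)."""
    ctx = ssl.create_default_context()            # certificate validation stays on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # never fall back to TLS 1.0/1.1
    path, body = build_acs_token_request(
        tenant_id, client_id, client_secret, sharepoint_host)
    conn = http.client.HTTPSConnection(ACS_HOST, timeout=timeout, context=ctx)
    try:
        conn.connect()  # handshake happens here, before any credential is sent
        tls_version, cipher = conn.sock.version(), conn.sock.cipher()[0]
        # Assumption: form-encoded POST; the answer lists only the fields.
        conn.request("POST", path, body=body,
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        return tls_version, cipher, resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()
```

On success the response body carries the bearer token, so keep it and the client secret out of logs and shared Postman collections.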


SeanRiedel-0991 answered

This did lead me to the correct answer. The application was running under .NET Framework 4.5.2, and an update to 4.7.2 appears to have fixed it.

ericOnline answered ericOnline edited

I'm receiving this error when trying to access SharePoint on-prem from Power Automate:

Access token not found
clientRequestId: 7e4375af-c4cf-40ca-8b6e-ad440af75f4b

I'm able to hit other on-prem servers (Linux, etc.) with Power Automate so I think the On-prem Data Gateway can be ruled out.

What should I look at to rule out / confirm TLS as the issue?
