question

ByronHayes-6267 avatar image
0 Votes"
ByronHayes-6267 asked ·

Invalid Audience for Resource (O365/Outlook API)

So I created/registered an app. But no where in this app registration can I state that it is an outlook application.
Otherwise, I am able to get a token but the token does not work on outlook endpoints. Need help for the error

'Invalid Audience for Resource"{"error":{"code":"InvalidAudienceForResource", "message":"The audience claim value is invalid for current resource. Audience claim is 'api://OUR-APP-ID_SET-AS-SCOPE', request url is 'https://outlook.office.com/api/v2.0/me/messages' and resource type is 'Exchange'.", "innerError": {"requestId": "c7fe963f-a7cb-4c1f-a869-83402fdeee76","date":"2020-02-11T03:55:07}}}

Note, I tried updating the scope in the call and because it isn't like the app-id it won't allow that. tried adding the outlook scope 'mail.read' to the app and said it is owned by Microsoft. Not sure how to move forward an update scope, or if that is the issue at all.

azure-information-protectionazure-webapps-apis
· 8
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

What scope you are passing to outlook end point ? Have you tried passing the scope fully qualified with outlook.com e.g. https://outlook.office.com/Mail.Read. I would also suggest you to use the Microsoft Graph for outlook as O365 services are now exposed via Microsoft Graph and it is recommended to use for any new application you are building. Please refer to the Outlook mail API for details.


0 Votes 0 ·

@sashar-msft thank you for your reply. I have tried passing that scope as a part of the client credential oauth call in order to get the access_token and I receive an invalid scope error.

Error when I try to replace the current scope which is api://{MY-APP-ID} with https://outlook.office.com/Mail.Read :

{"error":"invalid_scope","error_description":"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://outlook.office.com/Mail.Read is not valid.\r\nTrace ID: 5fb22442-1647-4f48-9e25-b3bf6df91200\r\nCorrelation ID: 9f84bd15-b58b-4e88-a201-2608218fdee9\r\nTimestamp: 2020-02-20 14:14:18Z","error_codes":[70011],"timestamp":"2020-02-20 14:14:18Z","trace_id":"5fb22442-1647-4f48-9e25-b3bf6df91200","correlation_id":"9f84bd15-b58b-4e88-a201-2608218fdee9"}

0 Votes 0 ·

can you please provide request details over here(after removing sensitive information), so that i can take a look. Also, have you tried achieving the same using Microsoft Graph as per the shared documentation ?

0 Votes 0 ·

The request details:
Post Request for Token
"client_id": "{Client-ID}",
"client_secret": "{Client-Secret}",
"tenant": "f5d73c4c-bb3d-421b-8bee-424916a4abba",
"scope": "https://graph.microsoft.com/.default";

Changed the scope to a graph .default variant and I am still able to retrieve a token which is great. However I am still getting errors after I pass the access_token to a simple Get Request endpoint like /v1.0/me/messages/ (obviously using Microsoft Graph)

error: BadRequest

0 Votes 0 ·
Show more comments

1 Answer

michev avatar image
0 Votes"
michev answered ·

Try using 'https://outlook.office365.com' as the audience value.

· 1 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@michev For this 'audience value' I am getting the following error:

'{"error":{"code":"NoPermissionsInAccessToken","message":"The token contains no permissions, or permissions can not be understood.","innerError":{"requestId":"62c115da-4542-45d3-81fc-de4379ba57ff","date":"2020-02-21T18:35:46"}}}'

Only option to work so far was to use Microsoft Graph

0 Votes 0 ·