cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
shahriat
Helper II
Helper II

Audience validation failed for OAuth 2.0 implicit grant flow within portal

I have integrated OAuth 2.0 implicit grant flow within portal following this below document:

https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow#register-client-i...

 

but getting following error in my api while debugging:

 

{"xxxxxx: Audience validation failed. Audiences: ''. Did not match: validationParameters.ValidAudience: 'xxxxxxxxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'."}

 

I have added these site settings in my portal:

Connector/ImplicitGrantFlowEnabled to True

ImplicitGrantFlow/TokenExpirationTime to 3600

ImplicitGrantFlow/RegisteredClientId to Client ID (from azure AD app)

ImplicitGrantFlow/{ClientId}/RedirectUri to my portal page

 

I have integrated this following Token Endpoint JavaScript code in portal page:

https://github.com/microsoft/PowerApps-Samples/blob/master/portals/TokenEndpoint.js

 

and my azure hosted API code here:

https://github.com/microsoft/PowerApps-Samples/tree/master/portals/ExternalWebApiConsumingPortalOAut...

 

What I have done wrong for which the above error is generating?

4 REPLIES 4
justinburch
Microsoft
Microsoft

Hi @shahriat,

It's been awhile since I've implemented this. At what point in the sample code is the error being thrown?

Hi Justin,

Thanks your reply. I have deployed C# sample into azure hosting. Trying to access whoami api url from portal providing client id in both of js and c# platform. But getting the mentioned above error while debugging in audience validation and the result is 401 unauthorized access to that api.

 

in this site setting: ImplicitGrantFlow/{ClientId}/RedirectUri 

do I need to replace the full {ClientId} with azure ad client id?

 

I think something is wrong in my setting which need to identify. 

 

Hi @shahriat,

Yes, you would need to replace the ClientID with the actual client ID. Have you tried this?

Hello Justin,

Thank you for your reply.

 

Yes I added the client id there but the issue was since my token doesn't contain any aud value so I need to set validateAudience false in c# code. It works now.

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Carousel April Dunnam Updated 768x460.jpg

Urdu Hindi D365 Bootcamp

Dont miss our very own April Dunnam’s The Developer Guide to the Galaxy! Find out what the Power Platform has to offer for the traditional developer.

Users online (2,030)