cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
shahriat
Helper II
Helper II

Audience validation failed for OAuth 2.0 implicit grant flow within portal

I have integrated OAuth 2.0 implicit grant flow within portal following this below document:

https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow#register-client-i...

 

but getting following error in my api while debugging:

 

{"xxxxxx: Audience validation failed. Audiences: ''. Did not match: validationParameters.ValidAudience: 'xxxxxxxxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'."}

 

I have added these site settings in my portal:

Connector/ImplicitGrantFlowEnabled to True

ImplicitGrantFlow/TokenExpirationTime to 3600

ImplicitGrantFlow/RegisteredClientId to Client ID (from azure AD app)

ImplicitGrantFlow/{ClientId}/RedirectUri to my portal page

 

I have integrated this following Token Endpoint JavaScript code in portal page:

https://github.com/microsoft/PowerApps-Samples/blob/master/portals/TokenEndpoint.js

 

and my azure hosted API code here:

https://github.com/microsoft/PowerApps-Samples/tree/master/portals/ExternalWebApiConsumingPortalOAut...

 

What I have done wrong for which the above error is generating?

4 REPLIES 4
justinburch
Microsoft
Microsoft

Hi @shahriat,

It's been awhile since I've implemented this. At what point in the sample code is the error being thrown?

Hi Justin,

Thanks your reply. I have deployed C# sample into azure hosting. Trying to access whoami api url from portal providing client id in both of js and c# platform. But getting the mentioned above error while debugging in audience validation and the result is 401 unauthorized access to that api.

 

in this site setting: ImplicitGrantFlow/{ClientId}/RedirectUri 

do I need to replace the full {ClientId} with azure ad client id?

 

I think something is wrong in my setting which need to identify. 

 

Hi @shahriat,

Yes, you would need to replace the ClientID with the actual client ID. Have you tried this?

Hello Justin,

Thank you for your reply.

 

Yes I added the client id there but the issue was since my token doesn't contain any aud value so I need to set validateAudience false in c# code. It works now.

Helpful resources

Announcements
October Events

Mark Your Calendars

So many events that are happening this month - don't miss out!

MPP IDEAS

Ideas

Discover ideas and concepts from users like you for how to use Power Pages and take your work to the next level.

Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Carousel Community Blog

Check out the Community Blog

Read all about the most recent blogs in the community!

Users online (3,636)