cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
shahriat
Helper II
Helper II

Audience validation failed for OAuth 2.0 implicit grant flow within portal

I have integrated OAuth 2.0 implicit grant flow within portal following this below document:

https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow#register-client-i...

 

but getting following error in my api while debugging:

 

{"xxxxxx: Audience validation failed. Audiences: ''. Did not match: validationParameters.ValidAudience: 'xxxxxxxxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'."}

 

I have added these site settings in my portal:

Connector/ImplicitGrantFlowEnabled to True

ImplicitGrantFlow/TokenExpirationTime to 3600

ImplicitGrantFlow/RegisteredClientId to Client ID (from azure AD app)

ImplicitGrantFlow/{ClientId}/RedirectUri to my portal page

 

I have integrated this following Token Endpoint JavaScript code in portal page:

https://github.com/microsoft/PowerApps-Samples/blob/master/portals/TokenEndpoint.js

 

and my azure hosted API code here:

https://github.com/microsoft/PowerApps-Samples/tree/master/portals/ExternalWebApiConsumingPortalOAut...

 

What I have done wrong for which the above error is generating?

4 REPLIES 4
justinburch
Microsoft
Microsoft

Hi @shahriat,

It's been awhile since I've implemented this. At what point in the sample code is the error being thrown?

Hi Justin,

Thanks your reply. I have deployed C# sample into azure hosting. Trying to access whoami api url from portal providing client id in both of js and c# platform. But getting the mentioned above error while debugging in audience validation and the result is 401 unauthorized access to that api.

 

in this site setting: ImplicitGrantFlow/{ClientId}/RedirectUri 

do I need to replace the full {ClientId} with azure ad client id?

 

I think something is wrong in my setting which need to identify. 

 

Hi @shahriat,

Yes, you would need to replace the ClientID with the actual client ID. Have you tried this?

Hello Justin,

Thank you for your reply.

 

Yes I added the client id there but the issue was since my token doesn't contain any aud value so I need to set validateAudience false in c# code. It works now.

Helpful resources

Announcements
PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

R2 (Green) 768 x 460px.png

Microsoft Dynamics 365 & Power Platform User Professionals

DynamicsCon is a FREE, 4 half-day virtual learning experience for 11,000+ Microsoft Business Application users and professionals.

Users online (2,626)