shahriat
Helper II

Audience validation failed for OAuth 2.0 implicit grant flow within portal

I have integrated the OAuth 2.0 implicit grant flow within the portal, following the document below:

https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow#register-client-i...

 

but I am getting the following error in my API while debugging:

 

{"xxxxxx: Audience validation failed. Audiences: ''. Did not match: validationParameters.ValidAudience: 'xxxxxxxxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'."}

 

I have added these site settings in my portal:

Connector/ImplicitGrantFlowEnabled to True

ImplicitGrantFlow/TokenExpirationTime to 3600

ImplicitGrantFlow/RegisteredClientId to Client ID (from azure AD app)

ImplicitGrantFlow/{ClientId}/RedirectUri to my portal page

 

I have integrated the following Token Endpoint JavaScript code in the portal page:

https://github.com/microsoft/PowerApps-Samples/blob/master/portals/TokenEndpoint.js

 

and my Azure-hosted API code is here:

https://github.com/microsoft/PowerApps-Samples/tree/master/portals/ExternalWebApiConsumingPortalOAut...

 

What have I done wrong that is causing the above error?

4 REPLIES
justinburch
Microsoft

Hi @shahriat,

It's been a while since I've implemented this. At what point in the sample code is the error being thrown?

Hi Justin,

Thanks for your reply. I have deployed the C# sample to Azure hosting. I am trying to access the whoami API URL from the portal, providing the client ID in both the JS and C# platforms. But I am getting the above-mentioned error in audience validation while debugging, and the result is 401 unauthorized access to that API.

 

In this site setting: ImplicitGrantFlow/{ClientId}/RedirectUri

do I need to replace the full {ClientId} with the Azure AD client ID?

 

I think something is wrong in my settings that needs to be identified.

 

Hi @shahriat,

Yes, you would need to replace the ClientID with the actual client ID. Have you tried this?

Hello Justin,

Thank you for your reply.

 

Yes, I added the client ID there, but the issue was that my token doesn't contain any aud value, so I need to set validateAudience to false in the C# code. It works now.
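
An added example, not part of the thread or of the Microsoft sample: with audience validation switched off as described in the last reply, the API can still enforce signature, issuer and lifetime, and then check for itself that the token was issued for its own client ID. It assumes the portal token carries the client ID in an `appid` claim (confirm this against a decoded token); the issuer, client IDs and RSA key below are constructed placeholders, and in a real API the key would be the portal's public key.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
public static class PortalTokenCheck
{
    // Validates a portal token that has no aud claim, then binds it to our client ID.
    // Assumption: the client ID is carried in an "appid" claim; confirm on a decoded token.
    public static ClaimsPrincipal Validate(string jwt, SecurityKey portalKey,
                                           string expectedIssuer, string expectedClientId)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateAudience = false,        // no aud claim to compare (the thread's workaround)
            ValidateIssuer = true,           // every other check stays enforced
            ValidIssuer = expectedIssuer,
            IssuerSigningKey = portalKey,
            RequireSignedTokens = true,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear(); // keep claim names exactly as they appear in the token
        ClaimsPrincipal principal = handler.ValidateToken(jwt, parameters, out SecurityToken _);
        string appId = principal.FindFirst("appid")?.Value;
        if (!string.Equals(appId, expectedClientId, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException("Token was not issued for this client ID.");
        return principal;
    }

    public static void Main()
    {
        // Constructed test data: throwaway key, placeholder issuer and client IDs.
        const string issuer = "portal.example.test", clientId = "00000000-0000-0000-0000-000000000001";
        using (RSA rsa = RSA.Create(2048))
        {
            var key = new RsaSecurityKey(rsa);
            var creds = new SigningCredentials(key, SecurityAlgorithms.RsaSha256);
            Func<string, string> issue = appId => new JwtSecurityTokenHandler().WriteToken(
                new JwtSecurityToken(issuer, null, new[] { new Claim("appid", appId) },
                    DateTime.UtcNow.AddMinutes(-1), DateTime.UtcNow.AddMinutes(15), creds));
            Console.WriteLine(Validate(issue(clientId), key, issuer, clientId).FindFirst("appid").Value);
            try { Validate(issue("00000000-0000-0000-0000-000000000002"), key, issuer, clientId); }
            catch (SecurityTokenValidationException e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

The first call prints the accepted client ID; the second token is correctly signed and unexpired but names a different client, so it is rejected by the explicit claim check that stands in for the skipped audience comparison.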
