cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
shahriat
Helper I
Helper I

Audience validation failed for OAuth 2.0 implicit grant flow within portal

I have integrated OAuth 2.0 implicit grant flow within portal following this below document:

https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow#register-client-i...

 

but getting following error in my api while debugging:

 

{"xxxxxx: Audience validation failed. Audiences: ''. Did not match: validationParameters.ValidAudience: 'xxxxxxxxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'."}

 

I have added these site settings in my portal:

Connector/ImplicitGrantFlowEnabled to True

ImplicitGrantFlow/TokenExpirationTime to 3600

ImplicitGrantFlow/RegisteredClientId to Client ID (from azure AD app)

ImplicitGrantFlow/{ClientId}/RedirectUri to my portal page

 

I have integrated this following Token Endpoint JavaScript code in portal page:

https://github.com/microsoft/PowerApps-Samples/blob/master/portals/TokenEndpoint.js

 

and my azure hosted API code here:

https://github.com/microsoft/PowerApps-Samples/tree/master/portals/ExternalWebApiConsumingPortalOAut...

 

What I have done wrong for which the above error is generating?

4 REPLIES 4
justinburch
Microsoft
Microsoft

Hi @shahriat,

It's been awhile since I've implemented this. At what point in the sample code is the error being thrown?

Hi Justin,

Thanks your reply. I have deployed C# sample into azure hosting. Trying to access whoami api url from portal providing client id in both of js and c# platform. But getting the mentioned above error while debugging in audience validation and the result is 401 unauthorized access to that api.

 

in this site setting: ImplicitGrantFlow/{ClientId}/RedirectUri 

do I need to replace the full {ClientId} with azure ad client id?

 

I think something is wrong in my setting which need to identify. 

 

Hi @shahriat,

Yes, you would need to replace the ClientID with the actual client ID. Have you tried this?

Hello Justin,

Thank you for your reply.

 

Yes I added the client id there but the issue was since my token doesn't contain any aud value so I need to set validateAudience false in c# code. It works now.

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Demo Extravaganza is Back!

We are excited to announce that Demo Extravaganza for 2021 has started!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Power Apps June 2021

June Power Apps Community Call

Don't miss the call this month on June 16th - 8a PDT

Users online (79,906)