If you face an AudienceUriValidationFailedException while trying to download a file from SharePoint, it typically indicates a problem with the users URI validation in the context of authentication. These are the steps to solve this problem:
Check Audience URI Configuration: Make sure that the audience URI in your authentication setup matches the expected value in your SharePoint configuration.
Update Token Issuer: First check that the token issuer is correctly configured and that the audience URI in the issued token matches the configuration in SharePoint.
Review Authentication Setup: Make sure your authentication setup is correctly configured. This includes verifying the client ID and any scopes.
Check SharePoint Configuration: Make sure that the SharePoint site's configuration honista old version allowed for the authentication process you are using and that any required audience URIs are correctly specified in the settings.
Inspect Token Claims: Decode the authentication token to inspect its claims and ensure that the audience claim matches the expected URI. Tools like can be helpful for decoding and inspecting JWT tokens.
Update or Reconfigure Trust: If you are using a usual Security Token Service, make sure that the trust relationship between the STS and SharePoint is properly configured and that the audience URIs are correctly specified.
Check for Updates or Patches: Ensure that your SharePoint instance is up to date with the latest patches and updates, as there may be fixes for known issues related to audience URI validation.
Consult Logs and Documentation: Review the SharePoint and authentication provider logs for more detailed error messages that can provide additional context about the failure.
AudienceUriValidationFailedException while downloading the SharePoint file
Praveen 0 Reputation points
Hi,
I am trying to download a file in Python from SharePoint using the Python MSAL REST API. I am running the following code:
import msal
import requests

client_id = 'xxxx'
client_secret = 'yyyy'
tenant_id = 'zzzz'
authority = f"https://login.microsoftonline.com/{tenant_id}"
scope = ["https://graph.microsoft.com/.default"]
#scope = ["https://myorganization.sharepoint.com/.default"]

app = msal.ConfidentialClientApplication(client_id, authority=authority, client_credential=client_secret)
result = app.acquire_token_for_client(scopes=scope)
if "access_token" in result:
    access_token = result['access_token']
else:
    print("Error acquiring token:", result.get("error"), result.get("error_description"))
    # Stop here: access_token is undefined without a token
    raise SystemExit(1)

# Debug output: this writes the bearer token to stdout
print(access_token)

# SharePoint site and file details
sharepoint_site = "https://myorganization.sharepoint.com/sites/mysite"
file_path = "/Documents/myfile.xlsx"  # Path to the file in SharePoint

# Construct the URL to the file
file_url = f"{sharepoint_site}/_api/web/getfilebyserverrelativeurl('{file_path}')/$value"

# Set up the request headers with the access token
headers = {
    "Authorization": f"Bearer {access_token}"
}

# Make the request to download the file
response = requests.get(file_url, headers=headers)
if response.status_code == 200:
    with open("downloaded_file.txt", "wb") as file:
        file.write(response.content)
    print("File downloaded successfully")
else:
    print("Error downloading file:", response.status_code, response.text)
I am getting the following error:
Error downloading file: 401 {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}
I am getting the token correctly but it fails while sending the request for download.
As far as I understand, I have given all the required permissions in the AAD portal. Am I missing something, or are any other permissions required? Please help.
Thanks
1 answer
lilly 0 Reputation points
2024-07-03T16:16:29.7733333+00:00
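The "Inspect Token Claims" step from the answer, applied to the request in the question, as an added example that is not part of either post: it decodes a token's payload locally (no signature verification, so for diagnostics only) and compares the aud claim with the origin of the URL being called. The sample token is constructed, and the function names and the rule that the API expects its own origin as the audience are assumptions.

```python
import base64
import json
from urllib.parse import urlsplit


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def origin(url: str) -> str:
    """Normalise a URL to scheme://host in lower case."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def audience_report(token: str, request_url: str) -> dict:
    """Compare the token's aud claim with the origin of the API being called."""
    aud = decode_claims(token).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    expected = origin(request_url)
    # Assumption: the API accepts tokens whose audience is its own origin.
    ok = any(isinstance(a, str) and a.rstrip("/").lower() == expected
             for a in audiences)
    return {"aud": aud, "expected": expected, "match": ok}


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed token shaped like one issued for the Graph scope in the question.
SAMPLE = make_sample_token({"aud": "https://graph.microsoft.com", "appid": "xxxx"})
FILE_URL = ("https://myorganization.sharepoint.com/sites/mysite"
            "/_api/web/getfilebyserverrelativeurl('/Documents/myfile.xlsx')/$value")

if __name__ == "__main__":
    print(audience_report(SAMPLE, FILE_URL))
```

Decoding locally keeps the bearer token out of third-party decoder sites; the decoded claims are unverified and should never feed an authorization decision.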