AudienceUriValidationFailedException while downloading the SharePoint file

Praveen 0 Reputation points
2024-07-03T14:03:05.2766667+00:00

Hi,

I am trying to download a file in Python from SharePoint using the Python MSAL REST API. I am running the following code:


import msal
client_id = 'xxxx'
client_secret = 'yyyy'
tenant_id = 'zzzz'
authority = f"https://login.microsoftonline.com/{tenant_id}"
scope = ["https://graph.microsoft.com/.default"]
#scope = ["https://myorganization.sharepoint.com/.default"]
app = msal.ConfidentialClientApplication(client_id, authority=authority, client_credential=client_secret)
result = app.acquire_token_for_client(scopes=scope)
if "access_token" in result:
    access_token = result['access_token']
else:
    # Stop here: access_token is undefined, so the download request below cannot run
    raise SystemExit(f"Error acquiring token: {result.get('error')} {result.get('error_description')}")
import requests
print(access_token)
# SharePoint site and file details
sharepoint_site = "https://myorganization.sharepoint.com/sites/mysite"
file_path = "/Documents/myfile.xlsx"  # Path to the file in SharePoint
# Construct the URL to the file
file_url = f"{sharepoint_site}/_api/web/getfilebyserverrelativeurl('{file_path}')/$value"
# Set up the request headers with the access token
headers = {
    "Authorization": f"Bearer {access_token}"
}
# Make the request to download the file
response = requests.get(file_url, headers=headers)
if response.status_code == 200:
    with open("downloaded_file.txt", "wb") as file:
        file.write(response.content)
    print("File downloaded successfully")
else:
    print("Error downloading file:", response.status_code, response.text)

I am getting the following error:

Error downloading file: 401 {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

I am getting the token correctly but it fails while sending the request for download.

As far as I understand, I have given all the required permissions in the AAD portal. Am I missing something, or are any other permissions required? Please help.

Thanks


1 answer

  1. lilly 0 Reputation points
    2024-07-03T16:16:29.7733333+00:00

    If you face an AudienceUriValidationFailedException while trying to download a file from SharePoint, it typically indicates a problem with the users URI validation in the context of authentication. These are the steps to solve this problem:

    Check Audience URI Configuration: Make sure that the audience URI in your authentication setup matches the expected value in your SharePoint configuration.

    Update Token Issuer: First check that the token issuer is correctly configured and that the audience URI in the issued token matches the configuration in SharePoint.

    Review Authentication Setup: Make sure your authentication setup is correctly configured. This includes verifying the client ID and any scopes.

    Check SharePoint Configuration: Make sure that the SharePoint site's configuration allows for the authentication process you are using and that any required audience URIs are correctly specified in the settings.

    Inspect Token Claims: Decode the authentication token to inspect its claims and ensure that the audience claim matches the expected URI. Tools like can be helpful for decoding and inspecting JWT tokens.

    Update or Reconfigure Trust: If you are using a usual Security Token Service, make sure that the trust relationship between the STS and SharePoint is properly configured and that the audience URIs are correctly specified.

    Check for Updates or Patches: Ensure that your SharePoint instance is up to date with the latest patches and updates, as there may be fixes for known issues related to audience URI validation.

    Consult Logs and Documentation: Review the SharePoint and authentication provider logs for more detailed error messages that can provide additional context about the failure.
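
Added example, not part of the question or the answer above: a local check of the token's `aud` claim against the host the request is sent to, using the Graph scope and the SharePoint URL from the question's code. The function names and the unsigned sample tokens are constructed for this illustration, and the rule that `aud` must be a URI on the same host as the request is a simplifying assumption.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(token: str, request_url: str) -> tuple:
    """Return (ok, aud). ok is True only when aud is a URI for the host being called."""
    aud = jwt_claims(token).get("aud", "")
    auds = aud if isinstance(aud, list) else [aud]
    target = (urlsplit(request_url).hostname or "").lower()
    for candidate in auds:
        host = urlsplit(str(candidate)).hostname  # None when aud is not a URI
        if host and host.lower() == target:
            return True, str(candidate)
    return False, ", ".join(map(str, auds))


def constructed_token(aud: str) -> str:
    """Unsigned sample token for this demo (constructed, not issued by any service)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc({'aud': aud})}.sig"


if __name__ == "__main__":
    # URL built the same way as file_url in the question
    file_url = ("https://myorganization.sharepoint.com/sites/mysite"
                "/_api/web/getfilebyserverrelativeurl('/Documents/myfile.xlsx')/$value")
    for resource in ("https://graph.microsoft.com", "https://myorganization.sharepoint.com"):
        ok, aud = audience_matches(constructed_token(resource), file_url)
        print(f"aud={aud!r} -> {'matches' if ok else 'does NOT match'} request host")
```

Running `audience_matches(access_token, file_url)` before the `requests.get` call shows which resource the token was issued for without writing the token itself to the console.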