问题
I am attempting to retrieve files from an Office 365 for Business account.
Following instructions here:
https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx
I have been able to successfully obtain an Access Token for my application.
However, when I attempt to use the token to make API Calls, I receive the error
"https://[tenant redacted]-my.sharepoint.com/_api/v2.0/drive/ - 401: {"error":"invalid_client","error_description":"Invalid audience Uri 'http:\/\/[redacted]-spreadsheet-test-webapi.[tenant url redacted].com\/'."}
My call to the sharepoint URL is a simple GET request with the headers set as follows:
headers = {
'User-Agent' : 'python_tutorial/1.0',
'Authorization' : 'Bearer {0}'.format(access_token),
'Accept' : 'application/json',
}
I have confirmed the Resource URI I am using matches the App ID URI in the Active Directory configuration, and I have delegated the appropriate sharepoint permissions (Read and write items in all site collections, Read and write user files) to the application.
I have been trying various API endpoints, different "Resource" parameter values, and re-read various documentation multiple times.
I also was able to make requests via the Graph API, however it does't have the functionality (access/update files in a users onedrive) that I need.
Not sure what I'm missing, any help would be appreciated.
回答1:
I Had the same issue.
I use OneDrive for business API (and not office 365 management API) to download\upload files, This means the resource parameter you provide while retrieving access token should be:
https://[tenant redacted]-my.sharepoint.com
Please try to open the access token (which is in JWT format) with a JWT decoder, to verify the audience (I used online JWT decoder to do so, the parameter you look in the under payload is aud) is what you are expecting.
来源:https://stackoverflow.com/questions/35583923/invalid-audience-uri-error-service-to-service-application-onedrive-for-business