OneDrive / SharePoint OAuth Error

My goal is to write code that allows an Office 365 user to access files on OneDrive for Business through the REST API. I registered the application in Azure AD (web application / multi-tenant) and added permissions to access the Internet on the Internet. I want to use the "delegated user identity with OAuth" scenario, where my application accesses OneDrive for Business through the REST API using user impersonation.

Permissions in the application are as follows:

    "oauth2Permissions": [{
        "adminConsentDescription": "Allow the application to access the AppName on behalf of the signed-in user.",
        "adminConsentDisplayName": "AppName",
        "id": "xxx",
        "isEnabled": true,
        "origin": "Application",
        "type": "User",
        "userConsentDescription": "Allow the application to access the AppName on your behalf",
        "userConsentDisplayName": "AppName",
        "value": "user_impersonation"
    }]

The application asks the user (OneDrive for Business) to sign in to Office 365 to receive an authorization code (sent to the registered redirect URL) and uses it to obtain an access token (via a POST to my application's token endpoint). In the returned JWT the "aud" field is set to my client ID. Should it instead be something like "00000003-0000-0ff1-ce00-000000000000", i.e. SharePoint Online?

When I try a GET on https://{tenant}-my.sharepoint.com/_api/v1.0/me/, using the access token as the bearer token in the request header, I get a 401 error: "invalid_client" / "Invalid audience URI: https://{tenant}-my.sharepoint.com/". This indicates a configuration error somewhere, but I cannot figure out what needs to be changed.

1 answer

aud = token audience. When a token is issued to a client application, the audience is the client_id of the client. You might want to try using the Discovery API to check for service endpoints (https://msdn.microsoft.com/en-us/office/office365/howto/discover-service-endpoints). The error indicates that the audience URI is invalid, so the service may not be running on the URL you are calling (for example, https://{tenant}-my.sharepoint.com/_api/v1.0/me/). By following the link above, you should be able to isolate the problem. Hope this helps.

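As an added diagnostic example (not code from the question or the answer), the following Python decodes a token's payload without verifying it and reports whether `aud` names the API being called or the app's own client ID, which is the mismatch the 401 above points at. It assumes the Azure AD v1 behaviour that an access token's `aud` is the `resource` requested at the token endpoint; the sample token, tenant name and IDs are constructed placeholders.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(aud: str) -> str:
    """Constructed, unsigned JWT (alg 'none') for local illustration only."""
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": aud, "iss": "https://sts.windows.net/{tenant-id}/",
               "scp": "user_impersonation"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()), ""])


def decode_payload(token: str) -> dict:
    """Decode the payload segment for inspection. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(body))


def audience_matches(token: str, expected: str) -> bool:
    """True if any 'aud' value equals expected, ignoring case and a trailing '/'."""
    aud = decode_payload(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    norm = lambda s: s.rstrip("/").lower()
    return any(norm(a) == norm(expected) for a in auds if isinstance(a, str))


def diagnose(token: str, api_resource: str, client_id: str) -> str:
    """Classify the audience: 'ok', 'issued_for_client_id' or 'unexpected_audience'."""
    if audience_matches(token, api_resource):
        return "ok"
    if audience_matches(token, client_id):
        # Token was issued for the app itself; the API call needs a token
        # requested with resource=<api_resource> instead.
        return "issued_for_client_id"
    return "unexpected_audience"


if __name__ == "__main__":
    tok = make_sample_token("11111111-2222-3333-4444-555555555555")  # placeholder client_id
    print(diagnose(tok, "https://contoso-my.sharepoint.com/",
                   "11111111-2222-3333-4444-555555555555"))
```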