Getting invalid audience when connecting to Microsoft Graph

I have done lots of checking around. My permissions are fine because I can use Postman successfully against many endpoints.

Does anyone know what the audience value is or where it can be found?

This is the exact error.
{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "date": "2023-09-28T01:14:12",
      "request-id": "cc3ac35d-ff4c-47b1-a228-f067d52f621d",
      "client-request-id": "cc3ac35d-ff4c-47b1-a228-f067d52f621d"
    }
  }
}

This is what I use for my audience: "https://graph.microsoft.com/.default"

I am having a different issue where I can get the Graph API to work for a few hours (maybe a day?) and then I start getting:

{"error":{"code":"InvalidAuthenticationToken","message":"Lifetime validation failed, the token is expired.","innerError":{"date":"2023-10-02T10:27:56","request-id":"","client-request-id":""}}}

There is not a clear method for enabling refresh tokens.

Hey @tbommer, as @khill-fbmc mentioned, we have several users confirming that using https://graph.microsoft.com/.default for the audience works. Hope you find the same!

@khill-fbmc, in general, for refresh tokens to be given, the offline_access scope needs to be sent with the authorization request. Microsoft also has some docs here as well.

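Both errors quoted in this thread can be narrowed down by reading the `aud` and `exp` claims of the access token before it is sent to Graph. The following is an added example, not code from any poster or from Microsoft; the accepted audience values, the function names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json
import time

# Assumption (not stated in the thread): `aud` values Microsoft Graph accepts,
# the resource URI and the Graph application ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def read_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; opaque tokens cannot be inspected")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(token: str, now: float = None, accepted=GRAPH_AUDIENCES) -> list:
    """Return the Graph errors this token would be expected to trigger."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    # Tolerate a trailing slash on the resource URI when comparing.
    seen = {a.rstrip("/") for a in auds if isinstance(a, str)}
    findings = []
    if not seen & set(accepted):
        findings.append(f"Invalid audience: aud={aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append(f"token is expired: exp={exp!r}, now={int(now)}")
    return findings


def make_sample(claims: dict) -> str:
    """Constructed, unsigned token for the demo; the signature part is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    t0 = 1_700_000_000  # fixed clock; the claims below are constructed samples
    for c in ({"aud": "https://graph.microsoft.com", "exp": t0 + 3600},
              {"aud": "api://my-app", "exp": t0 + 3600},
              {"aud": "https://graph.microsoft.com", "exp": t0 - 60}):
        print(c["aud"], triage(make_sample(c), now=t0) or "ok")
```

The decode step does not validate the signature, so it is suitable for diagnosing a token you already obtained, not for deciding whether to trust one.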