azure-activedirectory-library-for-objc: Access token validation failure

I am using the convergence_dev branch and attempting to access the graph api using converged auth (https://graph.microsoft.com/v1.0/drives/root/children) and am getting back an access token but I get the following response when I try to use it: Optional({ “error”: { “code”: “InvalidAuthenticationToken”, “message”: “Access token validation failure.”, “innerError”: { “request-id”: “313a66f4-6a57-4aa1-ae5d-ed5636c93571”, “date”: “2016-04-05T11:13:43” } } }) I have a working UWP sample and have based my IOS code on this. When I decode my token it doesn’t appear to contain any scopes whereas my working UWP token has the files.read scope defined within it . What is the best way to diagnose this?

my code: let scopes: [String] = [] let additionalScopes: [String] = [“https://graph.microsoft.com/files.Read”]

        ac.parentController = self;
        ac.acquireTokenWithScopes(scopes, additionalScopes: additionalScopes, clientId: ClientId, redirectUri: NSURL(string: RedirectUri), promptBehavior: AD_PROMPT_ALWAYS, completionBlock: {
            (result: ADAuthenticationResult!) in
            if (result.accessToken != nil) {
                print(result.accessToken)

                let config = NSURLSessionConfiguration.defaultSessionConfiguration()
                let headers = [
                    "Authorization": "Bearer " + result.accessToken
                ]
                config.HTTPAdditionalHeaders = headers
                let session = NSURLSession(configuration: config)
                let url = NSURL(string: "https://graph.microsoft.com/v1.0/me/drive/root/children")
                let task = session.dataTaskWithURL( url!, completionHandler: {
                    (data, response, error) -> Void in
                    if(error != nil) {
                        // If there is an error in the web request, print it to the console
                        print(error!.localizedDescription)
                    } else {
                        print(NSString(data: data!, encoding: NSUTF8StringEncoding))
                    }
                    self.busy = false
                })

                task.resume()
            }

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 3
  • Comments: 21 (6 by maintainers)

Most upvoted comments

Hello!

I had the same issue: “Access token validation failure” with one of the demos. It turned out that these two entries in App.config: “ida:GraphResourceId” and “ida:GraphEndpoint” both had the erroneous value of “https://graph.windows.net/” whereas the correct value seems to be “https://graph.microsoft.com/”. The error went away after the fix.

HTH

+5
NazarovVassil on Feb 16, 2017
Read more comments on GitHub
← azure-activedirectory-identitymodel-extensions-for-dotnet: X.509 Certificates with ECDSA based keys supported?
azure-activedirectory-library-for-objc: ADAL is not working for iOS 11.3 →