Invoke-PnPSiteScript throwing Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException error #5004
Unanswered
chrismcfarling asked this question in Q&A
Invoke-PnPSiteScript -Identity ec03e1a0-5777-43d9-b720-fc4dafd1c0e3 -WebUrl https://mytenant-admin.sharepoint.com
is returning the following error
Initially I was connecting with
Connect-PnPOnline -Url "https://mytenant-admin.sharepoint.com" -DeviceLogin -Tenant mytenant.onmicrosoft.com -ClientId 1672a9ca-bab9-485b-8b06-dd6a648a0da1
and then set up a certificate and tried
Connect-PnPOnline -Url "https://mytenant-admin.sharepoint.com" -ClientId 1672a9ca-bab9-485b-8b06-dd6a648a0da1 -Tenant mytenant.onmicrosoft.com -Thumbprint ad8af3c6b86adc90d344d85989c309650146ce92
but I'm getting the same result. I've added all seemingly relevant API permissions:
Graph
Sites.FullControl.All (Application)
Sites.Manage.All (Application)
Sites.ReadWrite.All (Application)
SharePoint
Sites.FullControl.All (Application)
Sites.Manage.All (Application)
Sites.ReadWrite.All (Application)
SitesMetaDataAdmin.ReadWrite.All (Application)
AllSites.FullControl (Delegated)
AllSites.Read (Delegated)
The aud claim in the auth token is set to https://graph.microsoft.com. Is that correct, or should it be something else like https://mytenant-admin.sharepoint.com? Some online resources are saying that it should not be set to https://graph.microsoft.com, but I'm not so certain that the AI tools always know what they're talking about.
Any suggestions to resolve this?
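An added example, not part of the original post and not PnP PowerShell's own code: a local check that decodes an access token's payload and compares its aud claim with the scheme and host of the URL being called. The function names are hypothetical, the sample token is constructed, and treating the URL's scheme and host as the audience the resource expects is an assumption of this sketch. No signature validation is performed.

```powershell
# Added example: inspect a JWT's aud claim offline. Hypothetical helper names.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # base64url -> base64, then restore the stripped padding
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected 3 dot-separated parts' }
    # Part 0 is the header, part 1 the claims, part 2 the signature
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-JwtAudience {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ResourceUrl
    )
    $claims   = Get-JwtClaims $Token
    # Assumption: the expected audience is the scheme and host of the URL
    $expected = ([Uri]$ResourceUrl).GetLeftPart([System.UriPartial]::Authority)
    # aud may be a single string or an array; normalise trailing slashes
    $auds = @($claims.aud) | ForEach-Object { "$_".TrimEnd('/') }
    [pscustomobject]@{
        Audience = $auds -join ', '
        Expected = $expected
        Roles    = @($claims.roles) -join ', '
        Match    = $auds -contains $expected
    }
}

# Constructed sample token: unsigned, with a dummy signature part
function ConvertTo-Base64Url([string]$Json) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Json))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$header  = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
$payload = ConvertTo-Base64Url '{"aud":"https://graph.microsoft.com","roles":["Sites.ReadWrite.All"]}'
$sample  = "$header.$payload.sig"

Test-JwtAudience -Token $sample -ResourceUrl 'https://mytenant-admin.sharepoint.com'
```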