I am fetching the attachments from SharePoint but getting Unsupported app token only error

Help Studio
, , , ,
1

Since the SharePoint Scope is no longer available in UI Path, we can no longer use the Get Attachments activity. As an alternative, I am working on a workaround using the Office 365 Scope with an Azure application.

I have configured the Application ID, Tenant ID, Client Secret, and Secret Password. Using this setup, I am successfully retrieving list items with the Get List Items activity. However, while the list contains attachments, they cannot be retrieved directly from the list items.

To access the attachments, I am using the HTTP Request activity. The process involves:

  1. First HTTP Request – Obtaining an Access Token
  2. Second HTTP Request – Using the token to retrieve attachments

However, I am encountering the “Unsupported App-Only Token” error when making the second request.

Can anyone guide me on resolving this issue? I have attached screenshots of the HTTP requests for better understanding.

Thanks.

SharePoint
SharePoint595×692 21.3 KB

2

Hi @sami.patel,

The “Unsupported App-Only Token” error typically occurs when the API endpoint you are calling does not support authentication using Application Permissions (App-Only Token) and instead requires Delegated Permissions (User-Based Token).

Use the Correct API Permissions

Regards,
Arivu

3

Hi @sami.patel

To resolve the “Unsupported App-Only Token” error, ensure your Azure app has the correct API permissions like Sites.Read.All or Sites.FullControl.All, grant admin consent for those permissions, and use the token obtained through App-Only Authentication with the necessary access scope for SharePoint.

Also Check the response code if 200 it means success otherwise some access issue.

4

image
image911×222 6.63 KB

You can see that I am giving the delegated permission but still I am getting the error.

“{"error_description":"Exception of type ‘Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException’ was thrown."}”

I just investigate this on chatgpt and it responded that use this

grant_type=authorization_code
client_id={your_client_id}
client_secret={your_client_secret}
scope=https://graph.microsoft.com/.default
code={authorization_code}
redirect_uri={your_redirect_uri}

Instead of client_credentials.

Now the question arises how I get the authorization code against the code because authorization code already against the grant_type.

Please explain me so I can fix my attachment issue.

Thanks.

5

You can see that I am giving the delegated permission but still I am getting the error.

image
image911×222 6.63 KB

“{"error_description":"Exception of type ‘Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException’ was thrown."}”

I just investigate this on chatgpt and it responded that use this

grant_type=authorization_code
client_id={your_client_id}
client_secret={your_client_secret}
code={authorization_code}
redirect_uri={your_redirect_uri}

Instead of client_credentials.

Now the question arises how I get the authorization code against the code because authorization code already against the grant_type.

Please explain me so I can fix my attachment issue.

Thanks.

6

You can see that I am giving the delegated permission but still I am getting the error.

image
image911×222 6.63 KB

“{“error_description”:“Exception of type ‘Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException’ was thrown.”}”

I just investigate this on chatgpt and it responded that use this

grant_type=authorization_code
client_id={your_client_id}
client_secret={your_client_secret}
code={authorization_code}
redirect_uri={your_redirect_uri}

Instead of client_credentials.

Now the question arises how I get the authorization code against the code because authorization code already against the grant_type.

Please explain me so I can fix my attachment issue.

Thanks.

7

Hi @sami.patel

Please check the below link . I hope it will helpful.
Granulate Permissions For SharePoint Online - News / Knowledge Base - UiPath Community Forum

8

Hi @sami.patel,

Per my understanding, for “delegated” authentication type, you can not use app id and secret to connect to SharePoint api. You will require to use username and password.

To be able to use app id and secret, you will need to gain application level permissions instead of delegated.

Kindly change your graph api permissions to application level instead of delegated, it should work.

Also, if you would like to try the solution by ChatGPT, add below as parameters:

grant_type=authorization_code
client_id={your_client_id}
client_secret={your_client_secret}
code={authorization_code}
redirect_uri={your_redirect_uri}

Try with authorization token also as parameter.

Regards
Sonali

9

Hi,

I am not using the graph API, I am using the SharePoint API. Should I change the SharePoint API permission to Application type or stay same with the delegated one?

grant_type=authorization_code
client_id={your_client_id}
client_secret={your_client_secret}
code={authorization_code}
redirect_uri={your_redirect_uri}

Secondly, we have the grant_type = authorization_code and then code = {authorization_code}, How I get this value?

Thanks.

10

Hi @sami.patel,

if you are using sharepoint API package, then this one already has an activity - Get attachments to download those from list items.

What led you to go this route then?

I am following this route only because I am using Graph API, and it doesn’t have any activity to download list attachments, hence I am trying to find out if by using this http activity, attachments url is exposed or not.

Regards
Sonali