Azure AD Connection - Access token validation failure. Invalid audience
02-09-2024 12:30 PM
I've been trying to get SN connected with Azure AD.
We've set up our ServiceNow instance, configured exactly as laid out in https://www.youtube.com/watch?v=3sfeAB7rXHI
We can see on the Azure side, SN is connecting successfully to it, but despite the app permissions set and the OAuth token looking good, I'm consistently getting: "Insufficient Permissions. Please Check Oauth Token and scope permission." errors.
When I look at the steps of my flow, I see the response body coming back with the message:
{"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.","innerError":{"date":"2024-02-09T16:14:10","request-id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","client-request-id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}}}
This happens regardless of whether I trigger it through the Azure AD Spoke of IntegrationHub or build out a REST call and use the Azure AD credential alias.
Has anyone gotten past this? What am I missing?
02-10-2024 03:16 AM
It's not clear from your screenshots, but try and check if you have the OAuth Entity Profile and scope(s) connected together. Basically, the scopes in your screenshot should appear under the OAuth Entity Profile (open it and check the embedded list). Had something similar before and this helped me.
02-12-2024 07:18 AM
I was hopeful you were on to something when I only saw 'Offline Acces' and 'graph API' under the OAuth Entity Profile, so I added the others from the spoke to make it match up. Unfortunately the error persists.
02-12-2024 08:44 AM
Here's a grab of the scope itself. The only standout in that list is that Offline access just has 'offline_access' as the scope. Everything else is formatted like this
02-12-2024 10:49 AM
We could be wrong here and it could be an Azure thing. It mentions 'audience', so you might need to check this article
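An added diagnostic example, not part of the thread or of ServiceNow's code: it decodes an access token's payload (without verifying the signature) and compares its `aud` claim with the audiences Microsoft Graph accepts, which is the check behind "Invalid audience". It assumes the failing call targets Microsoft Graph; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Audience values Microsoft Graph accepts: the resource URI and the Graph app ID.
# Assumption: the rejected request was sent to Microsoft Graph.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def audience_report(token: str, expected=GRAPH_AUDIENCES) -> dict:
    claims = decode_claims(token)
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    # Ignore a trailing slash so both URI spellings compare equal.
    auds = [a.rstrip("/") for a in auds if isinstance(a, str)]
    return {
        "aud": aud,
        "audience_ok": any(a in expected for a in auds),
        "scp": claims.get("scp", "").split(),  # delegated permissions
        "roles": claims.get("roles", []),      # application permissions
    }


def _make_sample(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


WRONG_AUD = _make_sample({"aud": "api://11111111-2222-3333-4444-555555555555",
                          "scp": "User.Read"})
GRAPH_AUD = _make_sample({"aud": "https://graph.microsoft.com/",
                          "scp": "User.Read.All Group.Read.All"})

if __name__ == "__main__":
    for name, tok in (("wrong audience", WRONG_AUD), ("graph audience", GRAPH_AUD)):
        print(name, audience_report(tok))
```

If `audience_ok` is false for the token the credential alias actually obtains, the token was issued for a different resource than the API being called, so the scope or resource configured on the OAuth Entity Profile is the place to look.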