OneDrive / onedrive-api-docs

Official documentation for the OneDrive API
MIT License

OneDrive Resumable item upload returns 401 InvalidAuthenticationToken #1548

Closed whatalarry closed 2 years ago

whatalarry commented 2 years ago

Category

Expected or Desired Behavior

I am using a Microsoft business account assigned by the company admin, with admin permission to register an application in Azure. This app would be used for file uploading only.

In Resumable item upload, the uploading PUT request would upload file content to OneDrive using the returned "uploadUrl" from the createUploadSession request.

Observed Behavior

In Resumable item upload, the uploading PUT request got a 401 error: {"code":"InvalidAuthenticationToken","message":"Access token is empty." }

Steps to Reproduce

  1. In Azure App registration:

    1.1. Authentication section:

    • Set up a web platform with a redirect URI.
    • Select the tokens you would like to be issued by the authorization endpoint: Access Token.
    • Supported account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant).

    1.2. API Permissions section:

    • Configured delegated permissions of "Files.ReadWrite", "Files.ReadWrite.All", "Sites.ReadWrite.All".

  2. I tried to upload a simple txt file (test.txt with plain text of 34 chars in length). I used the ROPC sign-in flow and successfully signed in with the same permissions as above as the scope in the sign-in request, and got an access_token back.

Response: {"token_type":"Bearer","scope":"Files.ReadWrite Files.ReadWrite.All Sites.ReadWrite.All profile openid email","expires_in":3599,"ext_expires_in":3599,"access_token":"{access_token}"}

  3. Then I requested an upload session using this access_token in the request header, and successfully got a 200 response with uploadUrl.

Request:
POST => https://graph.microsoft.com/v1.0/me/drive/root:/test/test.txt:/createUploadSession
Authorization: Bearer {access_token}

Response: {"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.uploadSession","expirationDateTime":"2021-10-25T23:51:29.459Z","nextExpectedRanges":["0-"],"uploadUrl":"https://dalb-my.sharepoint.com/personal/{account_email}/_api/v2.0/drive/items/01HPUOG5DEW446POE6U5GLHL7PJH75Q3RM/uploadSession?guid='460b55de-ca08-4484-918d-768e875bfa01'&overwrite=True&rename=False&dc=0&tempauth={tempauth_string}"}

  4. Then I used this URL to submit a PUT request (NO access_token in header) right away to upload the whole chunk of the file, and I got a 401 response.

Request:
PUT {Returned uploadUrl}
Content-Length: 34
Content-Range: bytes 0-33/34

<bytes 0-33 of the file>

Response: {"error":{"code":"InvalidAuthenticationToken","message":"Access token is empty.","innerError":{"date":"2021-10-25T23:36:29","request-id":"3a3c1c39-ed29-4373-8273-68918bd7decb","client-request-id":"3a3c1c39-ed29-4373-8273-68918bd7decb"}}}

I researched some posts with similar situations, but still cannot figure it out for my case.

  1) The access_token was requested from https://graph.microsoft.com, while the returned uploadUrl is https://{tenant}-my.sharepoint.com/personal/{account_email}/... Not sure if this is the cause.
  2) The returned uploadUrl length is around 1400-1600, less than 2000. So it should not be a URL length problem.
  3) The app was registered as "Accounts in any organizational directory (Any Azure AD directory - Multitenant)". The assigned permissions are of the delegated type.

Please help.

ghost commented 2 years ago

Thank you for your contribution to OneDrive API Docs. We will be triaging your incoming issue as soon as possible.

whatalarry commented 2 years ago

Found a bug on our code side, nothing related to OneDrive. Closing it.
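
The upload flow described in this issue, as an added example that is not code from the issue or from the OneDrive documentation: it plans the PUT requests for an upload session so that the pre-authenticated uploadUrl is passed through unmodified, no Authorization header is attached, and the `tempauth` value is masked before the URL is logged. The function names and the sample URL are constructed for illustration; the 320 KiB fragment multiple is taken from the Microsoft Graph upload-session documentation.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

FRAGMENT_MULTIPLE = 320 * 1024  # Graph: fragment sizes must be multiples of 320 KiB


def redact_upload_url(upload_url):
    """Mask the tempauth value so the URL can be logged without leaking it."""
    parts = urlsplit(upload_url)
    query = [(k, "REDACTED" if k.lower() == "tempauth" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def plan_fragments(upload_url, total_size, fragment_size=FRAGMENT_MULTIPLE):
    """Return [(method, url, headers, start, end)] covering the whole file."""
    if urlsplit(upload_url).scheme != "https":
        raise ValueError("uploadUrl carries a credential and must be https")
    if total_size <= 0:
        raise ValueError("total_size must be positive")
    if fragment_size <= 0 or fragment_size % FRAGMENT_MULTIPLE:
        raise ValueError("fragment_size must be a positive multiple of 320 KiB")
    plan = []
    for start in range(0, total_size, fragment_size):
        end = min(start + fragment_size, total_size) - 1  # inclusive last byte
        headers = {
            # No Authorization header: the bearer token belongs on the
            # createUploadSession POST only; the uploadUrl is pre-authenticated.
            "Content-Length": str(end - start + 1),
            "Content-Range": f"bytes {start}-{end}/{total_size}",
        }
        plan.append(("PUT", upload_url, headers, start, end))
    return plan


# Constructed sample shaped like the uploadUrl in the issue (all values made up).
SAMPLE_URL = ("https://contoso-my.sharepoint.com/personal/user_contoso_com/_api/v2.0/"
              "drive/items/EXAMPLEITEMID/uploadSession?guid='00000000-0000-0000-0000-"
              "000000000000'&overwrite=True&rename=False&dc=0&tempauth=SAMPLE.TOKEN")

if __name__ == "__main__":
    print("session:", redact_upload_url(SAMPLE_URL))
    for method, _url, headers, *_ in plan_fragments(SAMPLE_URL, 34):
        print(method, headers)
```

Each planned request can be handed to any HTTP client as long as the client sends the URL byte-for-byte as returned and adds no default Authorization header of its own.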