“Token type is not allowed” Error when Invoking SharePoint REST API

Recently I blogged on how to “Invoke SharePoint REST API from Power Automate Desktop”, in the blog we are granting Power Automate Desktop Application access using SharePoint App-Only Authentication.

All worked well for me, however one of my subscribers complained that they are getting the error below –

{"error":"invalid_request","error_description":"Token type is not allowed."}

As a first step of troubleshooting, I requested them to check if they are facing the same problem using a REST Client(Postman) and this confirmed that the problem is not really related to Power Automate Desktop.

On Investigating further, I found that Microsoft has rolled out a change to all SharePoint Online tenants created on or after August 2020 which restricted App-Only Authentication. Tenants created before this time work just fine.

Fortunately the tenant’s behaviour can be changed as follows:

  Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version

Please note that upgrading an old Management Shell can be problematic. Please see this blog post for more details. 

  • Launch the ‘SharePoint Online Management Shell’ as Administrator.
  • Connect to your environment’s tenant admin URL using the following command.
Connect-SPOService -Url https://tenant-admin.sharepoint.com

Make sure you replace the URL with your tenant name and include the ‘-admin’ suffix. You will be asked to login, please make sure the credentials for a SharePoint admin are specified. (You may need to reach out to your SharePoint Online support team in order to make this change).

  • Execute the following command to make the change
    Set-SPOTenant -DisableCustomAppAuthentication $false

Please note that it may take 5 minutes for this change to take effect. 

Subscribe to this blog for the latest updates about SharePoint Online, Nintex, Microsoft Flow, Power Apps, and document conversion and manipulation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s