
401 Unauthorized: Invalid audience when calling API

by Gert-Jan van der Kamp

Hi,

I'm trying to connect to the Visma.net API, but keep getting this error message: 401 Unauthorized

{
  "ExceptionType": "IPPException",
  "ExceptionMessage": "Invalid audience",
  "ExceptionFaultCode": "12010",
  "ExceptionMessageID": "12010_33324c4c-a22f-4cda-8287-8bf2cea6bb5f",
  "ExceptionDetails": ""
}

 

This is my request: 

GET https://integration.visma.net/API/resources/v1/context
ipp-company-id : 4364694
ipp-application-type : Visma.net Financials
Authorization : Bearer xxx

 

Here is the body of my JWT:

{
  "iss": "https://connect.visma.com",
  "nbf": 1667751919,
  "iat": 1667751919,
  "exp": 1667755519,
  "scope": [
    "openid",
    "email",
    "profile",
    "offline_access"
  ],
  "amr": [
    "pwdless",
    "face_fpt"
  ],
  "client_id": "isv_xlconnect",
  "sub": "a09c73a0-6bc8-4331-8949-74a016ff7494",
  "auth_time": 1667750563,
  "idp": "Visma Connect",
  "llt": 1667747599,
  "acr": "3",
  "sid": "2e8b4d29-8f5d-50d5-2a69-1003c96232a1"
}

 

I tried to add financialstasks to my scopes but that throws an error on login.. 

 

Can anyone spot what I'm doing wrong? 


by Gert-Jan van der Kamp

Hi, apologies for the late reply; I couldn't post to the forum.

 

I set up an app registration isv_xlconnect in the developer portal; it's a Native app with PKCE and OpenID Connect.

 

Then use this code with IdentityModel to get the cookie: 

 

var options = new OidcClientOptions() {
    Authority = "https://connect.visma.com",
    ClientId = "isv_xlconnect",
    Scope = "openid email profile offline_access",
    RedirectUri = "http://localhost:8888/callback/"
};

 

That all works fine, it returns a webtoken. But the call to the API above fails with the message.

 

One thing I can see is that the application registration I made in the dev portal uses https://connect.visma.com as authority, while the API uses https://signin.visma.net/ when I click authorize on the Swagger Docs. Could that be the issue?

 

by Magnus Johnsen

Hi,

The error message means that your token has expired. 

 

Could you please describe your workflow in as much detail as possible?
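
Added example, not part of the thread and not Visma's or IdentityModel's code: a small Python diagnostic that decodes a JWT payload and reports time-validity and audience problems separately, run here against the claims posted above (which contain no `aud` claim). The expected audience value, the token header and the signature are constructed placeholders; the thread does not state which audience the API requires.

```python
import base64
import json

# Claims copied from the JWT body posted in the thread (trimmed to the
# fields the checks use). Header and signature below are constructed.
POSTED_CLAIMS = {
    "iss": "https://connect.visma.com",
    "nbf": 1667751919,
    "iat": 1667751919,
    "exp": 1667755519,
    "scope": ["openid", "email", "profile", "offline_access"],
    "client_id": "isv_xlconnect",
}
# Placeholder only: the thread does not say which audience the API expects.
EXPECTED_AUDIENCE = "https://api.example.invalid"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_sample_token(claims: dict) -> str:
    """Build a constructed token (dummy signature) so the example runs offline."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed-signature"

def decode_payload(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected three segments")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose(claims: dict, expected_audience: str, now: int) -> list:
    """Return findings for expiry, not-before and audience, in that order."""
    findings = []
    if "exp" in claims and now >= claims["exp"]:
        findings.append("expired")
    if "nbf" in claims and now < claims["nbf"]:
        findings.append("not_yet_valid")
    aud = claims.get("aud")
    if aud is None:
        findings.append("aud_missing")
    else:
        # RFC 7519 allows "aud" to be a single string or an array of strings.
        audiences = [aud] if isinstance(aud, str) else list(aud)
        if expected_audience not in audiences:
            findings.append("aud_mismatch")
    return findings
```

Passing the current Unix time as `now` shows whether a rejected token is outside its validity window, lacks the expected audience, or both.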