Share via

Errors found in the ULS logs "Could not get value for application identifier"

David Gallego 0 Reputation points
2025-02-04T12:33:52.51+00:00

Hi,

We have a provider hosted app authenticating with Sharepoint SE. The authentication works, but in the ULS logs we can see the following unexpected errors happening very often under Security token category:

  • Could not get value for application identifier
  • Token app id claim value is emtpy*
  • Could not get value for tenant identifier

*Note that the error is mispelled, but that´s how it shows in the ULS logs

Below is an example of a token for user+add-in calls. Cheking https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/create-and-use-access-tokens-in-provider-hosted-high-trust-sharepoint-add-ins in principle we´re building the token correctly, so not sure where the errors above are coming from

OAuth Token: {"alg":"none","typ":"JWT"}.{"nameid":"...","nii":"urn:office:idp:activedirectory","actortoken":"...","nbf":1738253165,"exp":1738296365,

"iss":"clientId@realmId",

"aud":"00000003-0000-0ff1-ce00-000000000000/domain@realmId"};

actor: {"alg":"RS256","kid":"E54BC298D96CE367C201A7756C9A1ABB719C5A1B","x5t":"5UvCmNls42fCAad1bJoau3GcWhs","typ":"JWT"}.

{"nameid":"clientId@realmId","trustedfordelegation":"true",

"nbf":1738253165,"exp":1738296365,"iss":"issuerId@realmId",

"aud":"00000003-0000-0ff1-ce00-000000000000/domain@realmId"}

Thanks,

David Gallego

SharePoint Server
SharePoint Server
A family of Microsoft on-premises document management and storage systems.
2,422 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ling Zhou_MSFT 21,955 Reputation points Microsoft Vendor
    2025-02-05T07:15:45.68+00:00

    Hi @David Gallego,

    Hope everything is going well.

    According to the log messages you provided, we can tell that two values are missing from your token: application identifier and tenant identifier.

    • Application identifier is the application ID, which is generated when we register Add-ins.
    • Tenant identifier is the tenant ID, which is the unique ID that identifies your tenant.

    However, in the high-trust authorization system for SharePoint Add-ins, the token is typically signed with a certificate rather than using an application ID and tenant ID.

    I have read through the token generation process carefully, and there doesn't seem to be any mention of needing these two values. If your token is working fine, please ignore these errors.

    If you still need to know the source of these errors., the best way to troubleshoot this issue further is to report it to the related team who has higher permission to investigate this issue from back end, collect the background logs and help you find the root cause.

    In this situation, I sincerely recommend that your open a ticket for this issue.

    Please do not hesitate to contact me if you have any questions.

    Moreover, If the answer is helpful, please click "Accept Answer" and kindly upvote it. It will be beneficial to more community members reading here.

    Your kind contribution is much appreciated.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.