Tags: sharepoint, oauth-2.0, azure-active-directory, postman

Postman with OAuth2.0 to a registered app in Azure Active Directory fails with Invalid Resource


I am following the tutorial here: https://learn.microsoft.com/en-us/sharepoint/dev/apis/webhooks/get-started-webhooks. I am having trouble finishing step 5. Postman always gives me this error, and I am not sure why.

Troubleshooting details
If you contact your administrator, send this info to them.
Request Id: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Correlation Id: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Timestamp: 2022-11-18T09:34:11Z
Message: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX(Postman App). Resource value from request: https://<mysite>.sharepoint.com. Resource app ID: 00000003-0000-0ff1-ce00-000000000000. List of valid resources from app registration: fe7b6ec1-3281-4dd6-8864-dff33cd1021e, 00000003-0000-0000-c000-000000000000.
Flag sign-in errors for review: Enable flagging
If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.

00000003-0000-0000-c000-000000000000 is Graph. fe7b6ec1-3281-4dd6-8864-dff33cd1021e is SharePoint Online Client Extensibility Web Application Principal Helper.

In the error, it says the app ID (00000003-0000-0ff1-ce00-000000000000) that I am trying to use and then lists the valid resources from my app. I can add another resource to the app and it will be listed there in the error message, but I do not know how to add my specific resource to the list. Does anyone know how I can do that, or if that is even what I need to be doing?


Solution

  • I tried to reproduce the same in my environment and got the results successfully like below:

    I created a multi-tenant Azure AD application and consented to the API permissions below:


    To generate the access token, I used below parameters:

    Grant Type : Authorization Code
    Callback URL : redirect_uri
    Auth URL : https://login.microsoftonline.com/common/oauth2/authorize?resource=https://TENANT.sharepoint.com
    Access Token URL : https://login.microsoftonline.com/common/oauth2/v2.0/token
    Client ID : CLIENTID
    Client Secret : ClientSecret
    


    Access token successfully generated like below:


    To get Documents list Id click on Use Token and execute the query like below:

    GET https://XXXX.sharepoint.com/_api/web/lists/getbytitle('Documents')?$select=Title,Id
    

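Added example, not part of the original question or answer: a small Python parser for the AADSTS650057 text that compares the requested resource app ID with the list the app registration reports. The function name `diagnose` and the `KNOWN` table are this example's own; the table holds only the app IDs named on this page, and the sample message is the one quoted in the question.

```python
import re

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# Resource app IDs identified on this page.
KNOWN = {
    "00000003-0000-0ff1-ce00-000000000000": "SharePoint Online",
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "fe7b6ec1-3281-4dd6-8864-dff33cd1021e":
        "SharePoint Online Client Extensibility Web Application Principal Helper",
}
# Error text copied from the question above.
SAMPLE = (
    "AADSTS650057: Invalid resource. The client has requested access to a "
    "resource which is not listed in the requested permissions in the "
    "client's application registration. Client app ID: "
    "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX(Postman App). Resource value from "
    "request: https://<mysite>.sharepoint.com. Resource app ID: "
    "00000003-0000-0ff1-ce00-000000000000. List of valid resources from app "
    "registration: fe7b6ec1-3281-4dd6-8864-dff33cd1021e, "
    "00000003-0000-0000-c000-000000000000."
)

def diagnose(message):
    """Parse an AADSTS650057 message; return None for any other text."""
    if not re.search(r"\bAADSTS650057\b", message):
        return None
    value = re.search(r"Resource value from request:\s*(.+?)\.\s+Resource app ID:", message)
    app_id = re.search(r"Resource app ID:\s*(" + GUID + ")", message)
    valid = re.search(r"List of valid resources from app registration:\s*(.*)", message, re.S)
    if not (app_id and valid):
        raise ValueError("AADSTS650057 message is missing expected fields")
    requested = app_id.group(1).lower()
    registered = [g.lower() for g in re.findall(GUID, valid.group(1))]
    return {
        "requested_value": value.group(1) if value else None,
        "requested_app_id": requested,
        "requested_name": KNOWN.get(requested, "unknown resource"),
        "registered": {g: KNOWN.get(g, "unknown resource") for g in registered},
        "missing_from_registration": requested not in registered,
    }

if __name__ == "__main__":
    report = diagnose(SAMPLE)
    print("Requested:", report["requested_app_id"], report["requested_name"])
    for rid, name in report["registered"].items():
        print("Registered:", rid, name)
    if report["missing_from_registration"]:
        print("Requested resource is not in the app registration's permissions.")
```

Run against the message from the question, it reports that the SharePoint Online resource is requested while the registration lists only Microsoft Graph and the Client Extensibility helper.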