I am trying to get the OAuth2 workflow to perform correctly for Azure AD. I am following the directions from this source: https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx
I can successfully get an authorization code response by using this request:
https://login.microsoftonline.com/[app-endpoint-id]/oauth2/authorize?response_type=code&client_id=[client-id]&redirect_uri=[redirect-uri]
I then use the authorization code to request an access token with an HTTP POST like so (I am testing this using Postman):
POST /[app-endpoint-id]/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Cache-Control: no-cache
Postman-Token: ed098281-9aa4-6e5f-915d-0253d9a876d3
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=[client-id]&code=[authorization_code]&redirect_uri=[redirect_uri]&client_secret=[client-secret]&resource=[app-url]
I get the following error message from the POST request:
{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'app-id'. Send an interactive authorization request for this user and resource.\r\nTrace ID: trace-di\r\nCorrelation ID: correlation-id\r\nTimestamp: 2016-01-13 17:18:39Z","error_codes":[65001],"timestamp":"2016-01-13 17:18:39Z","trace_id":"trace-id","correlation_id":"correlation-id"}
If I clear my cache and make the first request for the authorization code I will be redirected to log in. However, I don't get any way to authorize my app after logging in like it says I should in this documentation:
//azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/
What am I doing wrong here? I am trying to get an access token.
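An added example, not part of the original post: a client-side parser for the token-endpoint error body shown above that recognizes AADSTS65001 and rebuilds the interactive authorization request with the resource named, as the error text asks. The function names, the sample body (constructed from the post's placeholder values) and the test URLs are assumptions of this example.

```python
import json
import re
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
CONSENT_REQUIRED = 65001  # AADSTS code shown in the post

# Constructed sample modelled on the error body in the post (placeholder values).
SAMPLE_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": (
        "AADSTS65001: The user or administrator has not consented to use the "
        "application with ID 'app-id'. Send an interactive authorization request "
        "for this user and resource.\r\nTrace ID: trace-id\r\n"
        "Correlation ID: correlation-id\r\nTimestamp: 2016-01-13 17:18:39Z"
    ),
    "error_codes": [65001],
})


def parse_token_error(body):
    """Split a token-endpoint error body into its message and diagnostic fields."""
    doc = json.loads(body)
    lines = doc.get("error_description", "").split("\r\n")
    m = re.match(r"(AADSTS\d+): (.*)", lines[0])
    # Remaining lines are "Name: value" pairs (Trace ID, Correlation ID, Timestamp).
    fields = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    return {
        "error": doc.get("error"),
        "aadsts": m.group(1) if m else None,
        "message": m.group(2) if m else lines[0],
        "codes": doc.get("error_codes", []),
        "trace_id": fields.get("Trace ID"),
        "correlation_id": fields.get("Correlation ID"),
    }


def needs_interactive_consent(parsed):
    """True when the error list contains the consent-required code."""
    return CONSENT_REQUIRED in parsed["codes"]


def authorize_url(tenant, client_id, redirect_uri, resource):
    """Interactive authorization request that names the resource; values are URL-encoded."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "resource": resource})
    return f"{AUTHORITY}/{tenant}/oauth2/authorize?{query}"
```

The trace and correlation IDs pulled out by the parser are the values to log when following up on a failed token request.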