2
votes

I am trying to get an access token from an access code, but I get a 400 Bad Request error.

I am using this link to get the access code:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&response_type=code&redirect_uri=http://localhost/Home/About&scope=mail.read

In response to this link, I am getting the code in the query string of the return URL: code=Mh12d04c8-8ea9-c82b-8cc5-b93cf913382c

I am using this code to get the access token:

https://login.microsoftonline.com/common/oauth2/v2.0/token?redirect_uri=http://localhost:51296/Home/AAA&client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&client_secret=Rmi2PNLPNM5agLh5aT5G82W&code=Mh12d04c8-8ea9-c82b-8cc5-b93cf913382c&scope=mail.read

But it is giving 400 Bad Request. Please help me to solve this issue.

1
It will normally return an extended error code and error message. Can you check if that is the case and add them? For example, when I click the login.microsoftonline.com link, the error page has them in the lower right corner: "AADSTS90056: This endpoint only accepts POST requests. Received a GET request". Your POST would get a different error code. – RasmusW
Also your redirect URI doesn't match between the calls. It needs to match what you've set during app registration. – Dan Kershaw - MSFT
@RasmusW No, I did not get any error like this "AADSTS90056". I got the bad request error 400. Please help me. – Dhrutika Rathod
@DanKershaw-MSFT Both my return URIs match what I set during registration. – Dhrutika Rathod
My other question is: "May I use a personal Microsoft account with Microsoft Graph API?" – Dhrutika Rathod

1 Answer

2
votes

For this kind of issue, as @RasmusW suggested, you could use a tool like Fiddler to find the inner error message in the response. And as @Dan Kershaw pointed out, you need to make sure the reply address URL in the token request matches the reply address in the authorization code request. Otherwise you will get the error: The reply address 'xxxxx' does not match the reply address 'xxxx' provided when requesting Authorization code.

According to your request, you are using the Authorization Code Flow with the v2.0 endpoint. You must add a "grant_type" parameter in the token request, and the value must be "authorization_code" for the authorization code flow. Please first check whether the inner error message is "AADSTS90014: The request body must contain the following parameter: 'grant_type'". Please click here for more details about OAuth 2.0 Authorization Code Flow in the v2.0 endpoint.

May I use personal Microsoft account with Microsoft Graph API

Yes. The v2.0 endpoint allows developers to write apps that accept sign-in from both Microsoft Accounts and Azure AD accounts, using a single auth endpoint.
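
An added example, not part of the original answer or any Microsoft code: a Python check that compares a token request with the authorize request for the problems raised in this thread (GET instead of POST, missing grant_type, mismatched redirect_uri), and builds the corrected form-encoded POST without sending it. The function names and the placeholder secret and code values are assumptions; the two URLs are reconstructed from the question.

```python
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
CLIENT = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# Constructed sample input: the question's two URLs, secret and code replaced by placeholders.
AUTHORIZE_URL = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id="
                 + CLIENT + "&response_type=code&redirect_uri=http://localhost/Home/About&scope=mail.read")
ASKER_TOKEN_URL = (TOKEN_URL + "?redirect_uri=http://localhost:51296/Home/AAA&client_id=" + CLIENT
                   + "&client_secret=<client-secret>&code=<authorization-code>&scope=mail.read")

def check_token_request(authorize_url, method, token_url, body=""):
    """Return the problems in a token request, judged against its authorize request."""
    auth = parse_qs(urlsplit(authorize_url).query)
    query = parse_qs(urlsplit(token_url).query)
    form = parse_qs(body)
    problems = []
    if method.upper() != "POST":
        problems.append("method must be POST")
    if query:
        # URLs end up in proxy and server logs, so a secret or code here is also exposed.
        problems.append("parameters belong in the form body, not the query string")
    params = form or query  # inspect whichever place the caller used
    if params.get("grant_type") != ["authorization_code"]:
        problems.append("grant_type=authorization_code is missing")
    if params.get("redirect_uri") != auth.get("redirect_uri"):
        problems.append("redirect_uri differs from the authorize request")
    return problems

def build_token_request(authorize_url, code, client_secret):
    """Build (not send) the form-encoded POST that exchanges the code for a token."""
    auth = parse_qs(urlsplit(authorize_url).query)
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": auth["client_id"][0],
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": auth["redirect_uri"][0],  # reuse the exact authorize value
        "scope": auth["scope"][0],
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=body.encode(), headers=headers, method="POST")

if __name__ == "__main__":
    for problem in check_token_request(AUTHORIZE_URL, "GET", ASKER_TOKEN_URL):
        print("problem:", problem)
    fixed = build_token_request(AUTHORIZE_URL, "<authorization-code>", "<client-secret>")
    print(fixed.get_method(), fixed.full_url, fixed.data.decode())
```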