0
votes

The situation: I have successfully got the code parameter from the returned URL via

https://login.microsoftonline.com/{tenant}/oauth2/authorize?client_id=XXXX-XXXX-XXXX&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2F&response_mode=query

Now I need to get an access token to get user info. I post the parameters to this URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

I tried 2 ways:

1.

    var nvc = new NameValueCollection();
    nvc.Add("grant_type", "authorization_code");
    nvc.Add("client_id", "xxx-xxxx-xxxx");
    nvc.Add("code", code.Value);
    nvc.Add("redirect_uri", "http://localhost/");
    nvc.Add("client_secret", "XXXXXXXXXXXXXX=");
    nvc.Add("resource", "https://graph.microsoft.com/");
    nvc.Add("scope", "email");
    client.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
    var response = Encoding.UTF8.GetString(client.UploadValues(url, "POST", nvc));

2.

    var xx = new StringContent("grant_type=authorization_code" +
        "&client_id=xxx-xxxx-xxxx" +
        "&code=codeXXXXXXXX" +
        ...
        "&resource=https://graph.microsoft.com/",
        Encoding.UTF8,
        "application/x-www-form-urlencoded");

    client.PostAsync(url, xx);

All of them returned an error 400, and I got an error message:

{  
   "error":"invalid_request",
   "error_description":"AADSTS90014: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 207dd940-78ff-46ba-bec0-00821c850f00\r\nCorrelation ID: 803afff4-3917-4030-a19b-b5629e1faf97\r\nTimestamp: 2017-05-19 02:51:19Z",
   "error_codes":[  
      90014
   ],
   "timestamp":"2017-05-19 02:51:19Z",
   "trace_id":"207dd940-78ff-46ba-bec0-00821c850f00",
   "correlation_id":"803afff4-3917-4030-a19b-b5629e1faf97"
}

3 Answers

0
votes

First, you were mixing the Azure AD endpoint with the Azure AD V2.0 endpoint. And from the error message, you didn't specify the grant_type parameter. Please make sure to send this parameter in the request. And the sent request should also return a different error, like "The 'resource' request parameter is not supported."

If you were using the Azure AD endpoint, you can refer to this link for the request to acquire the token. And for Azure AD V2.0 you can refer to v2.0 Protocols - OAuth 2.0 Authorization Code Flow.

If you still have the problem, please share the exact code you were developing and let us know which endpoint you were developing against.

0
votes

As Fei Xue mentioned, you should not mix the endpoints. You can use:

https://login.microsoftonline.com/{tenant}/oauth2/token

to get the access token.

0
votes

Thank you guys.

I finally followed this article and successfully got the access token and the logged-in user info. The key to successfully getting the access token is to give the right parameters; the following block shows an example of correct parameters.

    public static string clientId = "9fb8ee69-xxxx-xxxx-xxxx-xxxxxxx";
    public static string authority = "https://login.windows.net/9c80d42c-yyyy-yyyy-yyyy-yyyyyyyyy/oauth2/authorize";
    public static string returnUri = "https://kuozuinotification.azurewebsites.net/.auth/login/aad/callback"; // << my issue was caused by this
    private const string resource = "https://graph.windows.net/";
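
An added example, not code from any of the posts above: a C# helper that builds the code-redemption form for one endpoint version at a time, refusing the v1 authorize / v2.0 token mix the answers describe and sending `resource` or `scope` to match the endpoint. The class and method names, the `<...>` placeholder values and the `AAD_CLIENT_SECRET` variable are assumptions; it prints the encoded body and sends nothing over the network.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;

static class TokenRequestExample
{
    // v2.0 endpoints carry "/oauth2/v2.0/" in the path; Azure AD (v1) ones do not.
    static bool IsV2(string url) =>
        url.IndexOf("/oauth2/v2.0/", StringComparison.OrdinalIgnoreCase) >= 0;

    // Builds the form fields that redeem an authorization code. The code must be
    // redeemed on the same endpoint version that issued it, with the same
    // redirect_uri that was sent to the authorize endpoint.
    public static Dictionary<string, string> Build(string authorizeUrl, string tokenUrl,
        string clientId, string clientSecret, string code, string redirectUri, string audience)
    {
        if (IsV2(authorizeUrl) != IsV2(tokenUrl))
            throw new ArgumentException("authorize and token endpoints are different versions");
        return new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["code"] = code,
            ["redirect_uri"] = redirectUri,
            // v1 names the target API with "resource"; v2.0 uses "scope" instead.
            [IsV2(tokenUrl) ? "scope" : "resource"] = audience,
        };
    }

    static void Main()
    {
        const string baseUrl = "https://login.microsoftonline.com/{tenant}/oauth2/";
        // Hypothetical variable name; keeps the secret out of the source file.
        string secret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET") ?? "<client-secret>";
        try   // The combination from the question: v1 authorize, v2.0 token.
        {
            Build(baseUrl + "authorize", baseUrl + "v2.0/token", "<client-id>", secret,
                  "<code>", "http://localhost/", "https://graph.microsoft.com/");
        }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }

        // v1 on both sides, as the second answer suggests.
        var form = Build(baseUrl + "authorize", baseUrl + "token", "<client-id>", secret,
                         "<code>", "http://localhost/", "https://graph.microsoft.com/");
        using (var content = new FormUrlEncodedContent(form))
            Console.WriteLine(content.ReadAsStringAsync().GetAwaiter().GetResult());
    }
}
```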