oAuth2 - AADSTS90009 : Issue in connecting Azure Active Directory

1
votes

I am getting below error while connecting to Azure Active Directory

"AADSTS90009: Application 'xxxxxxxxxxxxxxxxx' is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.

3
azureazure-active-directory
Please add more information about what you are trying to do and your current Azure AD configuration (app registration, permissions, etc.). Given the error, it seems that you are requesting an access token for an application (resource equal to App ID URI) by using the same application as client.Riccardo Bellini
Hi.. I got the below information from the AAD Configuration Team, calling the token URL using PostmanGirija S
Hi.. I got the below information from the AAD Configuration Team, calling the token URL using Postman login.microsoftonline.com{tenant_id}/oauth2/token grant_type:"password" client_id:"XXXXXX" (Application ID) username:"[email protected]" password:"XXXX" resource:"XXXXX" (Application ID URI) client_secret:"XXXXXXX"Girija S
Application Type : Web APP APIGirija S
Is that you want to use web app to call you web API?axfd

3 Answers

0
votes

If you want to use web application to call web API, please refer to the sample. The detailed steps.

  1. Register your Web API application in Azure Portal. For more details, please refer to the document.
  2. Register your Web app application in Azure Portal

  3. Grant permission.(add you web API application in you web app application)

    a. select you web application
    b. set permissions. enter image description here enter image description here enter image description here enter image description here

  4. Get access token

    Method : POST

    URL : https://login.microsoftonline.com/ [Directory ID]/oauth2/token

    Headers

    Cache-Control : no-cache Content-Type : application/x-www-form-urlencoded

    Body

    grant_type : password resource : Your App ID URI client_id : [application id] client_secret : [key value] username : [account name] password : [Password]

0
votes

This error is saying that the field you provided in the resource parameter is requesting tokens for itself.

Alternatively, you can provide an app ID URI of a web API you've registered or another resource with scopes to get tokens for that resource (Microsoft Graph, Office API, etc).

0
votes

The error information indicates that you are using Azure AD application url as resource.

As qwe mentioned that you need to use the WebApp API(Not Azure AD application) you wanted to access as resource. For more information please refer to this link.

POST https://login.microsoftonline.com/{tenantId}/oauth2/token 

Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id={clientId}&client_secret={secret key}=&resource={resourceaddress}

enter image description here

Note: If we want to use the OAuth 2 grant type: password, we need to registry Azure AD native application. For more information please refer to another SO thread.