Invalid request. Request is malformed or invalid. While getting Access Token From Azure

azure oauth-2.0 azure-active-directory azure-ad-graph-api

11,570

Solution 1

I got the same issue, and finally figure out that my problem is that the code returned after authorization in the redirect uri is actually something like www.yourredirecturl.com/?code=....&section_state=....

So copy the whole thing after ?code= simple include the &section_state and make the code incorrect. Hope this resolve your problem.

Solution 2

If I am not wrong you are trying to get get token using OAuth 2.0 code grant flow.

For this code flow there are two steps:

Request an authorization code
With this authorization code need request token

Get authorization code

You paste following code either in browser or post man. In postman do it like below:

https://login.microsoftonline.com/YourTennatId.onmicrosoft.com/oauth2/authorize?client_id=YourClentId&response_type=code&redirect_uri=https://www.getpostman.com/oauth2/callback&response_mode=query&scope=offline_access%20user.read%20mail.read

Once you got the authorization code , copy it for next step.

Use the authorization code to request an access token:

Token Request Endpoint: https://login.microsoftonline.com/YourTenantId/oauth2/token

client_id:YourClientId
scope:https://graph.microsoft.com/User.ReadWrite.All
redirect_uri:https://www.getpostman.com/oauth2/callback
grant_type:authorization_code
client_secret:YourAppsSecret
code:Paste Your Code Here

Post Man Format:

Hope this will resolve your problem.

11,570

Author by

Anand Deshmukh

Updated on June 13, 2022

Comments

Anand Deshmukh almost 2 years
I am trying to Get access token from Azure AD. For that I have performed below Steps

1) Created an Enterprise application on Azure Active Directory

2) I am able to get the Access token using Authorisation --->> 'Get New Access token'

3) Hit the 'POST' request for https://login.microsoftonline.com/<Application ID>/oauth2/token URL

Have Configured below for POST Body
- Authorization TYPE is OAuth 2.0
- Passed the Body using 'form-data' as below
ClientID is ApplicationID from Application created at 1st step

Code is Also ApplicationID from Application created at 1st step

Not sure if I have configured it correctly

4) Using Same access code when I try to send an Request I am getting below error response
```
`{
    "error": "invalid_grant",
    "error_description": "AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 60b8fb68-40d5-43da-9b7b-36de021c2900\r\nCorrelation ID: 90ed2f2c-1ac8-4044-8742-493a3fce51be\r\nTimestamp: 2019-07-03 12:42:32Z",
    "error_codes": [
        9002313
    ],
    "timestamp": "2019-07-03 12:42:32Z",
    "trace_id": "60b8fb68-40d5-43da-9b7b-36de021c2900",
    "correlation_id": "90ed2f2c-1ac8-4044-8742-493a3fce51be"
}
```
Please let me know where I am wrong or something needs to be changed.
Anand Deshmukh almost 5 years

Do I need active subscriptions in azure while making making above call for authorization code ? I am doing this proof of concept before actual implementation in my code. ??
Abraham Linkon almost 5 years

Yeah you need that. In that case may not get token.
djdance over 2 years

let code=location.search.split('code=')[1]; code=code.split('&')[0]; //add this