Resource parameter when requesting access token?


It looks like you're providing the correct properties but not in the correct format. To get the token you need to issue a POST with this data formatted for application/x-www-form-urlencoded to https://login.microsoftonline.com/common/oauth2/v2.0/token. From your example, it looks like you're sending your data as JSON rather than x-www-form-urlencoded.

POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=authorization_code&code=[AUTHORIZATION CODE]&
           client_id=[APPLICATION ID]&client_secret=[PASSWORD]
           &scope=[SCOPE]&redirect_uri=[REDIRECT URI]

I wrote up a Microsoft v2 Endpoint Primer a few months back that might help walk you through the procedure.

Author by

twbbas

Updated on June 04, 2022

Comments

  • twbbas
    twbbas almost 2 years

    I'm following this guide to authenticate with Microsoft Graph. I am able to successfully do the first request (for an authorization code) but am having issues with the second request (requesting an access token).

    Params for the second request (for access token):

    client_id: <my id>
    client_secret: <my secret>
    code: <authorization code returned from first request>
    redirect_uri: http://localhost:8080/Callback
    grant_type: authorization_code
    scope: https://graph.microsoft.com/user.read
    

    Error from second request:

    {
      "error": "invalid_resource",
      "error_description": "AADSTS50001: Resource identifier is not provided.\r\nTrace ID: <my trace id>\r\nCorrelation ID: <my correlation id>\r\nTimestamp: 2017-05-03 15:25:42Z",
      "error_codes": [
        50001
      ],
      "timestamp": "2017-05-03 15:25:42Z",
      "trace_id": <my trace id>,
      "correlation_id": <my correlation id>
    }
    

    However, my request works fine (returns a bearer and refresh token) if I add this extra parameter:

    resource: https://graph.microsoft.com/
    

    I don't see this resource parameter mentioned anywhere in the docs except the example under Getting an access token on this page.

    My questions are:

    1. Why am I getting the above error when my request seems to match the documentation?
    2. When do I need to include the resource parameter?

    EDIT: See Marc's answer below and my comment response.

    Turns out I was using the following URLs:

    https://login.microsoftonline.com/common/oauth2/authorize
    https://login.microsoftonline.com/common/oauth2/token

    when I should have been using:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize
    https://login.microsoftonline.com/common/oauth2/v2.0/token

    After using the ones with v2.0, I didn't need to include my resource parameter in the token request anymore.

    • saman0suke
      saman0suke over 5 years
      That "2.0" part of the URL was what I needed, thanks!
  • twbbas
    twbbas almost 7 years
    This is for a Microsoft Graph app (not Azure AD) and I do have the user.read delegated permission set on the Microsoft Graph app page.
  • piisexactly3
    piisexactly3 almost 7 years
    You've linked to an Azure AD guide, which is the source of my confusion. You probably need to enable Azure AD permissions to get that example to work.
  • twbbas
    twbbas almost 7 years
    Hi Marc, thanks for the response and great blog post. I formatted my parameters kind of weird in my question. I am sending it via POST to login.microsoftonline.com/common/oauth2/v2.0/token with content type: application/x-www-form-urlencoded and my params through the body. In case it matters, I've just been using Postman for now but will be eventually doing this through Java (but not on Android). So, I'm still doing everything as you said in your answer and in your blog post but still getting the same error. Do you have any other ideas? Or need me to provide other details?
  • Marc LaFleur
    Marc LaFleur almost 7 years
    Understood. Can you add the full URIs you're calling and the headers?
  • twbbas
    twbbas almost 7 years
    Figured it out! After your suggestion, I looked closer at my URLs and it turns out I was using https://login.microsoftonline.com/common/oauth2/authorize and https://login.microsoftonline.com/common/oauth2/token (without the v2.0) and that was the issue. I'm not sure how I ended up with mismatched URLs but that was the issue. I just simply set both to v2.0 and everything started working. I'll accept your answer since it is correct. I'll be sure and include the full URLs from the start.
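
The request format from the answer and the URL mix-up found in the comments, as an added Python example that is not part of the original thread: it builds the token POST as form data without sending it, and rejects the two conditions this thread ran into. The function names and the bracketed placeholder values are assumptions made for the example.

```python
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

BASE = "https://login.microsoftonline.com/common/oauth2"
V1_AUTHORIZE, V1_TOKEN = BASE + "/authorize", BASE + "/token"
V2_AUTHORIZE, V2_TOKEN = BASE + "/v2.0/authorize", BASE + "/v2.0/token"

# Constructed sample parameters; bracketed values are placeholders.
SAMPLE_PARAMS = {
    "grant_type": "authorization_code",
    "code": "[AUTHORIZATION CODE]",
    "client_id": "[APPLICATION ID]",
    "client_secret": "[PASSWORD]",
    "scope": "https://graph.microsoft.com/user.read",
    "redirect_uri": "http://localhost:8080/Callback",
}

def endpoint_version(url):
    """Return 'v2.0' when the URL path carries the v2.0 segment, else 'v1'."""
    return "v2.0" if "/v2.0/" in urlsplit(url).path else "v1"

def build_token_request(authorize_url, token_url, params):
    """Build (but do not send) the code-for-token POST.

    Raises ValueError for the two situations seen in this thread:
    authorize/token URLs of different versions, and a non-v2.0 token
    URL called without 'resource' (the AADSTS50001 case).
    """
    a, t = endpoint_version(authorize_url), endpoint_version(token_url)
    if a != t:
        raise ValueError(f"authorize URL is {a} but token URL is {t}")
    if t == "v1" and "resource" not in params:
        raise ValueError("non-v2.0 token URL expects a 'resource' parameter")
    # Form-encode the body; a JSON body is not what the endpoint expects.
    body = urlencode(params).encode("ascii")
    return Request(token_url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

if __name__ == "__main__":
    req = build_token_request(V2_AUTHORIZE, V2_TOKEN, SAMPLE_PARAMS)
    print(req.get_method(), req.full_url)
    # Print the parameter names only: the body holds the secret and the code.
    print(sorted(SAMPLE_PARAMS))
```

The `Request` object can be passed to `urllib.request.urlopen` once the placeholders are replaced with real values.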