Resource parameter when requesting access token?
It looks like your providing the correct properties but not in the correct format. To get the token you need to issue a POST this data formatted for application/x-www-form-urlencoded
to https://login.microsoftonline.com/common/oauth2/v2.0/token
. From your example, it looks like your sending your data as JSON
rather than x-www-form-urlencoded
.
POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=authorization_code&code=[AUTHORIZATION CODE]&
client_id=[APPLICATION ID]&client_secret=[PASSWORD]
&scope=[SCOPE]&redirect_uri=[REDIRECT URI]
I wrote up a Microsoft v2 Endpoint Primer a few months back that might help walk you through the procedure.
Related videos on Youtube
twbbas
Updated on June 04, 2022Comments
-
twbbas almost 2 years
I'm following this guide to authenticate with Microsoft Graph. I am able to successfully do the first request (for an authorization code) but am having issues with the second request (requesting an access token).
Params for the second request (for access token):
client_id: <my id> client_secret: <my secret> code: <authorization code returned from first request> redirect_uri: http://localhost:8080/Callback grant_type: authorization_code scope: https://graph.microsoft.com/user.read
Error from second request:
{ "error": "invalid_resource", "error_description": "AADSTS50001: Resource identifier is not provided.\r\nTrace ID: <my trace id>\r\nCorrelation ID: <my correlation id>\r\nTimestamp: 2017-05-03 15:25:42Z", "error_codes": [ 50001 ], "timestamp": "2017-05-03 15:25:42Z", "trace_id": <my trace id>, "correlation_id": <my correlation id> }
However, my request works fine (returns a bearer and refresh token) if I add this extra parameter:
resource: https://graph.microsoft.com/
I don't see this resource parameter mentioned anywhere in the docs except the example under Getting an access token on this page.
My questions are:
- Why am I getting the above error when my request seems to match the documentation?
- When do I need to include the resource parameter?
EDIT: See Marc's answer below and my comment response.
Turns out I was using the following URLs:
https://login.microsoftonline.com/common/oauth2/authorize
https://login.microsoftonline.com/common/oauth2/token
when I should have been using:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
https://login.microsoftonline.com/common/oauth2/v2.0/token
After using the ones with
v2.0
, I didn't need to include myresource
parameter in the token request anymore.-
saman0suke over 5 yearsThat "2.0" part of the URL was what I needed, thanks!
-
twbbas almost 7 yearsThis is for a Microsoft Graph app (not Azure AD) and I do have the user.read delegated permission set on the Microsoft Graph app page.
-
piisexactly3 almost 7 yearsYou've linked to a Azure AD guide, which is the source of my confusion. You probably need to enable Azure AD permissions to get that example to work.
-
twbbas almost 7 yearsHi Marc, thanks for the response and great blog post. I formatted my parameters kind of weird in my question. I am sending it via POST to login.microsoftonline.com/common/oauth2/v2.0/token with content type: application/x-www-form-urlencoded and my params through the body. In case it matters, I've just been using Postman for now but will be eventually doing this through Java (but not on Android). So, I'm still doing everything as you said in your answer and in your blog post but still getting the same error. Do you have any other ideas? Or need me to provide other details?
-
Marc LaFleur almost 7 yearsUnderstood. Can you add the full URIs your calling and the headers?
-
twbbas almost 7 yearsFigured it out! After your suggestion, I looked closer at my URLs and it turns out I was using
https://login.microsoftonline.com/common/oauth2/authorize
andhttps://login.microsoftonline.com/common/oauth2/token
(without thev2.0
) and that was the issue. I'm not sure how I ended up with mismatched URLs but that was the issue. I just simply set both tov2.0
and everything started working. I'll accept your answer since it is correct. I'll be sure and include the full URLs from the start.