Microsoft Live API - The access token isn't valid

I'm trying to implement "login with Outlook.com" flow, which involves client and server code. The flow is:

  1. from the client redirect the user to:

https://login.live.com/oauth20_authorize.srf?client_id=< client_id >&response_type=code&redirect_uri=< the login html page >&scope=openid+offline_access+profile+https:%2f%2foutlook.office.com%2fmail.send+https:%2f%2foutlook.office.com%2fcontacts.read+onedrive.readwrite

  2. I get the code back to my html page and post it to MY java server.

  3. On the server side I use the code to obtain the access and refresh tokens, using a POST request to: https://login.live.com/oauth20_token.srf

with the following parameters in the body: client_id, redirect_uri, client_secret, grant_type="authorization_code" and code=< the code from the previous step >.

I receive the access_token and refresh_token, and they are supposed to be valid for 1 hour.

  4. Still on the server, I call the URL

https://apis.live.net/v5.0/me?access_token=< the access-token I just got >

and get error 401:

{
   "error": {
      "code": "request_token_invalid", 
      "message": "The access token isn't valid."
   }
}

Is this flow possible?

Gourley answered 3/9, 2016 at 10:0

I was finally able to get this working.

First of all, the correct endpoint for obtaining user information is:
https://graph.microsoft.com/v1.0/me

Secondly, the scope in step 1 should not be set to openid ... but rather User.Read.

Pomade answered 30/4, 2019 at 3:26
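
The flow from the question with the two changes from the answer applied (the Graph /me endpoint and the User.Read scope), as an added example that is not code from either poster. It assumes the question's login.live.com endpoints are kept; the `state` parameter and sending the token in an `Authorization` header instead of the query string are additions made here, and all function names are hypothetical.

```python
import hmac
import json
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://login.live.com/oauth20_authorize.srf"  # from the question
TOKEN_URL = "https://login.live.com/oauth20_token.srf"          # from the question
GRAPH_ME_URL = "https://graph.microsoft.com/v1.0/me"            # from the answer


def build_authorize_url(client_id, redirect_uri, scope="User.Read"):
    """Step 1: URL the browser is redirected to. Returns (url, state)."""
    state = secrets.token_urlsafe(16)  # added here: binds the callback to this login attempt
    query = urllib.parse.urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def state_matches(expected, returned):
    """Step 2: reject a callback whose state is missing or differs from the one issued."""
    return hmac.compare_digest(expected.encode(), (returned or "").encode())


def build_token_request(client_id, client_secret, redirect_uri, code):
    """Step 3: server-side POST that exchanges the code for tokens."""
    body = urllib.parse.urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "redirect_uri": redirect_uri, "grant_type": "authorization_code", "code": code,
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


def build_me_request(access_token):
    """Step 4: token travels in a header, so it stays out of URLs and access logs."""
    return urllib.request.Request(GRAPH_ME_URL, headers={"Authorization": f"Bearer {access_token}"})


def fetch_profile(client_id, client_secret, redirect_uri, code):
    """Runs steps 3 and 4 against the live endpoints (needs network and real credentials)."""
    with urllib.request.urlopen(build_token_request(client_id, client_secret, redirect_uri, code)) as r:
        tokens = json.load(r)
    with urllib.request.urlopen(build_me_request(tokens["access_token"])) as r:
        return json.load(r)
```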
