Invalid request. Request is malformed or invalid. While getting Access Token From Azure

Asked 3/7, 2019 at 13:4 Answered 15/5, 2020 at 12:15

azure oauth-2.0 azure-active-directory azure-ad-graph-api

I am trying to Get access token from Azure AD. For that I have performed below Steps

1) Created an Enterprise application on Azure Active Directory

2) I am able to get the Access token using Authorisation --->> 'Get New Access token'

3) Hit the 'POST' request for https://login.microsoftonline.com/<Application ID>/oauth2/token URL

Have Configured below for POST Body

Authorization TYPE is OAuth 2.0
Passed the Body using 'form-data' as below

ClientID is ApplicationID from Application created at 1st step

Code is Also ApplicationID from Application created at 1st step

Not sure if I have configured it correctly

4) Using Same access code when I try to send an Request I am getting below error response

`{
    "error": "invalid_grant",
    "error_description": "AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 60b8fb68-40d5-43da-9b7b-36de021c2900\r\nCorrelation ID: 90ed2f2c-1ac8-4044-8742-493a3fce51be\r\nTimestamp: 2019-07-03 12:42:32Z",
    "error_codes": [
        9002313
    ],
    "timestamp": "2019-07-03 12:42:32Z",
    "trace_id": "60b8fb68-40d5-43da-9b7b-36de021c2900",
    "correlation_id": "90ed2f2c-1ac8-4044-8742-493a3fce51be"
}

Please let me know where I am wrong or something needs to be changed.

Syndactyl answered 3/7, 2019 at 13:4 Comment(0)

The problem is that the code returned after authorization in the redirect URI is actually something like www.yourredirecturl.com/?code=....&section_state=....

So copy the whole thing after ?code=; include the &section_state and make the code incorrect.

Plio answered 15/5, 2020 at 12:15 Comment(1)

let code=location.search.split('code=')[1]; code=code.split('&')[0]; //add this – Goldplate 8/10, 2021 at 19:14

If I am not wrong you are trying to get get token using OAuth 2.0 code grant flow.

For this code flow there are two steps:

Request an authorization code
With this authorization code need request token

Get authorization code

You paste following code either in browser or post man. In postman do it like below:

https://login.microsoftonline.com/YourTennatId.onmicrosoft.com/oauth2/authorize?client_id=YourClentId&response_type=code&redirect_uri=https://www.getpostman.com/oauth2/callback&response_mode=query&scope=offline_access%20user.read%20mail.read

Once you got the authorization code , copy it for next step.

Use the authorization code to request an access token:

Token Request Endpoint: https://login.microsoftonline.com/YourTenantId/oauth2/token

client_id:YourClientId
scope:https://graph.microsoft.com/User.ReadWrite.All
redirect_uri:https://www.getpostman.com/oauth2/callback
grant_type:authorization_code
client_secret:YourAppsSecret
code:Paste Your Code Here

Post Man Format:

Hope this will resolve your problem.

Rep answered 3/7, 2019 at 14:0 Comment(2)

Do I need active subscriptions in azure while making making above call for authorization code ? I am doing this proof of concept before actual implementation in my code. ?? – Syndactyl 4/7, 2019 at 6:14

Yeah you need that. In that case may not get token. – Rep 7/7, 2019 at 3:22

Recommended topics

Hot tags