oauth2 error AADSTS90014: The request body must contain the following parameter: 'grant_type'

6

45

In a WinDev application I use OAuth 2.0 for authorization to get access to a user's Outlook mail.

The application is registered at https://apps.dev.microsoft.com without the Implicit workflow. After the user enters the credentials, an Authorization Code is returned. With the new code the Bearer Token is requested with an HTTP POST command.

So far, so good.

Only that the response gives an error message that makes no sense to me.

In code:

m_sHTTPUrl = "client_id=" + m_sClientID + "&client_secret=" ...
    + m_sClientSecret ...
    + "&redirect_uri=" + m_sRedirectURL + "&code=" + m_sAuthToken ...
    + "&grant_type=authorization_code"
m_sHTTPres = ""
LogLocalFile("GetAccessToken - " + m_sTokenURL + " // " + m_sHTTPUrl) 

cMyRequest is httpRequest
cMyRequest..Method = httpPost
cMyRequest..URL = m_sTokenURL
cMyRequest..ContentType = "application/x-www-form-urlencoded"
cMyRequest..Header["grant_type"] = "authorization_code"
cMyRequest..Header["code"] = m_sAuthToken
cMyRequest..Header["client_id"] = m_sClientID
cMyRequest..Header["client_secret"] = m_sClientSecret
cMyRequest..Header["scope"] = m_sScope
cMyRequest..Header["redirect_uri"] = m_sRedirectURL
//cMyRequest..Content = m_sHTTPUrl
cMyResponse is httpResponse = HTTPSend(cMyRequest)
m_sHTTPres = cMyResponse.Content

In a logfile I requested the used parameters and the content of the httpResponse:

GetAccessToken - https://login.microsoftonline.com/common/oauth2/v2.0/token // grant_type=authorization_code
&code=xxxxxxx
&scope=openid+offline_access+User.Read+Email+Mail.Read+Contacts.Read
&redirect_uri=http://localhost/
&client_id=xxxxxxx
&client_secret=xxxxxxx

GetAccessToken - error = invalid_request
GetAccessToken - error_description = AADSTS90014: The request body must contain the following parameter: 'grant_type'.

The grant_type is in the header as it is supposed to be.

Does anybody have any clue of what is needed to get OAuth2 working?

Spiro answered 27/3, 2018 at 12:40 Comment(2)
According to this post the oauth-2.0 parameters must be in the content of your request. Did you already try it? This post also warns about the encoding of the body. – Cosmography
Thanks for the direction. a) It has to be in the body, not in the header. b) It has to be encoded, in plain text. Then it works. – Spiro
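The fix described in the comments above (parameters in the form-urlencoded body, not in headers), as an added Python example that is not part of the original thread. The function names and sample values are constructed and nothing is sent over the network; the last helper masks client_secret and code before logging, since the question's log line writes the full parameter string.

```python
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
# Parameters checked for in the body (assumption: the set the question sends, minus scope).
EXPECTED = ("grant_type", "code", "client_id", "client_secret", "redirect_uri")
SENSITIVE = {"client_secret", "code"}  # never write these to a log file


def build_token_request(client_id, client_secret, code, redirect_uri, scope):
    """Authorization-code request with every parameter in the form body."""
    fields = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "scope": scope,
    }
    # urlencode() percent-encodes ':' and '/' and turns spaces into '+'.
    body = urlencode(fields).encode("ascii")
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def header_style_request():
    """Constructed copy of the question's mistake: parameters as HTTP headers."""
    return Request(TOKEN_URL, data=b"", method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "grant_type": "authorization_code", "code": "sample-code",
        "client_id": "sample-app-id"})


def missing_from_body(req):
    """List (parameter, where it went) for each expected parameter not in the body."""
    form = parse_qs((req.data or b"").decode("ascii"))
    header_names = {name.lower() for name, _ in req.header_items()}
    return [(p, "sent as header" if p in header_names else "absent")
            for p in EXPECTED if p not in form]


def redact_for_log(req):
    """Form body with the secret and the authorization code masked."""
    form = parse_qs((req.data or b"").decode("ascii"))
    return urlencode({k: "REDACTED" if k in SENSITIVE else v[0]
                      for k, v in form.items()})
```

Running `missing_from_body(header_style_request())` reports grant_type as "sent as header", which is the condition AADSTS90014 complains about.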
L
32

You need to pass everything in body as form-data:

curl --location --request POST 'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token' \
--form 'grant_type=authorization_code' \
--form 'code=<the code you have got from the authorization endpoint>' \
--form 'client_secret=****' \
--form 'client_id=********' \
--form 'scope=m_sScope' \
--form 'redirect_uri=http://localhost/'
Lotuseater answered 14/10, 2020 at 12:55 Comment(1)
Does this also apply to the auth part? I am getting this error at the authorize endpoint, which as I understand it, comes before the token endpoint call. – Latvia
H
31

You shouldn't send grant_type either in params or in headers. It should be sent in body params; only then will it work.

Url: https://login.microsoftonline.com/common/oauth2/v2.0/token

client_id, scope and redirect_uri params can be sent as query params, whereas grant_type, code and client_secret should be sent in body params.

grant_type:authorization_code, 
code: {code you got from the authorization step}, 
client_secret: ****
Hightower answered 5/3, 2019 at 9:52 Comment(6)
To convert params to formdata - https://mcmap.net/q/76919/-axios-post-request-to-send-form-data – Lamoureux
client_id, scope and redirect_uri must also be sent in the body – Carolincarolina
my god this service is such a turd! – Former
Read this if you are using axios to create the params properly. All of the params went in this way and it worked for me. – Goree
Converting the params to formdata worked for me! – Paediatrician
that's funny because I had to change it to x-www-form-urlencoded to get it working. In the header I have content-type set to application/x-www-form-urlencoded. – Orderly
D
13

If someone is still having this issue, you can try from Postman like below. Please check the Body type as "x-www-form-urlencoded".

Desrosiers answered 4/3, 2023 at 0:24 Comment(0)
M
11

You should change the content type to: application/x-www-form-urlencoded

The body must be formatted as below:

 client_id=8cfbe8ac-8775-4c56-9302-k9d5a42cbf98
 &client_secret=BOy7Q~pGvXF.SWshX72mmMnQeAkvN5elHWiYT
 &grant_type=client_credentials
 &resource=https://miurl.com
Minoru answered 28/6, 2022 at 21:46 Comment(0)
T
1

When providing the "Default Scope", the value must be the full name, for example "User.Read". The correct value can be found in Azure AD App -> Api Permission.

Trifoliate answered 15/10, 2019 at 7:10 Comment(0)
N
1

I finally got this right after referring to multiple answers.

POST https://login.microsoftonline.com//oauth2/token --make sure to enter the ID directly without <,>

Use 'x-www-form-urlencoded' format for the Body. Enter Keys & Values for the below parameters:

client_id - Client_ID on your Azure App
client_secret - client_secret value and not the key. Note that this value is available only for the first time upon the client secret key creation
grant_type - client_credentials (static words, don't try to look for the value)
resource - App ID URI

reference link - https://learn.microsoft.com/en-us/previous-versions/azure/dn645543(v=azure.100)?redirectedfrom=MSDN

Niche answered 9/11, 2022 at 22:20 Comment(0)
