oAuth problem with registered application

  • Question

  • I have a custom web application registered with a new Azure AD.  I am trying to have the authorization_code grant type working with the custom code app.  I did successfully get the authorization code but I cannot get the access tokens.  HTTP response status code is 400 (Bad Request) and the response body is:

    Failed to get oAuth2 tokens. Try to log in again. Code: 400, Body: {"error":"unsupported_grant_type","error_description":"AADSTS70003: The access grant 'authorization-code' is not supported.

    I am executing a post to the oAuth2 token endpoint for my application.  The post body has:

    client_id=<the id>&client_secret=<the secret>&grant_type=authorization_code&code=<the code>&redirect_uri=<my app redirect uri on http not https, the app is publicly accessible but not hosted in Azure>

    I also have the request header: 'Content-Type' = 'application/x-www-form-urlencoded'

    I tried with and without a resource in the form data fields, same results. Did a lot of research but nothing I found helped.  It seems like this is a misleading message and the actual error is somewhere else.  I would very much appreciate any feedback.

    Tuesday, August 18, 2015 4:16 AM

Answers

  • For those who read this thread, I found the problem.  I was passing in the wrong grant type.  I was using the incorrect authorization-code instead of the correct authorization_code.

    The fact that the client_credentials grant type worked for me masked my invalid grant_type value problem and did not prove that Azure oAuth2 had a bug.  Azure oAuth2 works exactly as intended.  

    I hope this helps others who are exploring Azure oAuth2.


    CalDoAuth


    Wednesday, August 19, 2015 12:12 PM
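
The mistake found in this thread can be caught before the request leaves the client. The following pre-flight check for a form-encoded token request body is an added example, not code from the original poster or from Azure AD; the function names, the list of required fields and the sample bodies are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

# grant_type values defined by RFC 6749; extension grants (URN values) are out of scope.
KNOWN_GRANTS = {"authorization_code", "client_credentials", "password", "refresh_token"}
# Assumption: the fields the request in this thread sends for the code exchange
# are treated as required here.
REQUIRED = {"authorization_code": ("code", "redirect_uri", "client_id")}


def _norm(value):
    """Fold case and separators so 'authorization-code' matches 'authorization_code'."""
    return value.lower().replace("-", "_").replace(" ", "_")


def check_token_request(body):
    """Return a list of problems found in a form-encoded token request body."""
    pairs = parse_qsl(body, keep_blank_values=True)
    problems = []
    names = [k for k, _ in pairs]
    for name in sorted(set(names)):
        if names.count(name) > 1:
            problems.append(f"parameter {name!r} is repeated")
    params = dict(pairs)
    grant = params.get("grant_type")
    if grant is None:
        return problems + ["grant_type is missing"]
    if grant not in KNOWN_GRANTS:
        # Suggest the defined value when only case or separators differ.
        near = [g for g in KNOWN_GRANTS if _norm(grant) == g]
        hint = f"; did you mean {near[0]!r}?" if near else ""
        return problems + [f"grant_type {grant!r} is not a defined value{hint}"]
    for name in REQUIRED.get(grant, ()):
        if not params.get(name):
            problems.append(f"{grant} request is missing {name!r}")
    return problems


# Constructed sample bodies; all values are placeholders, not real credentials.
BAD = ("client_id=app-id&client_secret=s3cret&grant_type=authorization-code"
       "&code=AUTH_CODE&redirect_uri=http%3A%2F%2Fapp.example%2Fcallback")
GOOD = BAD.replace("authorization-code", "authorization_code")

if __name__ == "__main__":
    for label, body in (("bad", BAD), ("good", GOOD)):
        print(label, check_token_request(body) or "ok")
```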

All replies

  • Hi,

    Thanks for posting here!

    It appears to be an Azure AD token issuance endpoint error. Change the grant type in the request and see if that works. For information, see Authorization Code Grant Flow and Service to Service Calls Using Client Credentials.

    You might also want to take a look at this similar discussion: http://stackoverflow.com/questions/25408669/the-access-grant-authorization-code-is-not-supported-from-azure-ad-using-oauth

    Hope this helps!

    Best Regards

    Sadiqh Ahmed


    Tuesday, August 18, 2015 7:17 AM
  • Sadiqh,

    Thank you very much for your answer.  I was aware of the Stack Overflow posting and I tried what was suggested there for the authorization_code grant type.  That didn't help and that is why I posted here.

    I was able to get a token using the client_credentials grant type.  However, that is not the oAuth2 workflow that I must implement.

    I have an additional question now that client_credentials does return a token: how would one retrieve the Azure AD user profile data using the token?

    Thanks again.

    Cal


    CalDoAuth

    Tuesday, August 18, 2015 1:05 PM