Getting status code 400 (Bad Request error) from oauth20_token.srf during Authorization code grant flow

    Question

  • Well, I am getting error 400 (Bad request) as a result of executing this step 5 of the Authorization code grant flow from here: http://msdn.microsoft.com/en-us/library/live/hh243647.aspx#request

    POST https://login.live.com/oauth20_token.srf
    
    Content-type: application/x-www-form-urlencoded
    
    client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&client_secret=CLIENT_SECRET&code=AUTHORIZATION_CODE&grant_type=authorization_code


    • Edited by Konstardiy Sunday, October 14, 2012 8:05 PM Fixed a typo
    Sunday, October 14, 2012 8:00 PM

Answers

  • I solved my issue. According to the documentation (here: http://msdn.microsoft.com/en-us/library/live/hh243647.aspx#request ) I had to do the POST request, but actually that API expects a GET request. What the hell? Why is the API documentation so messy? I lost "just" two days due to this inadequate documentation, but other developers may simply force their managers to switch to Facebook Connect (hey, it seems you may get a lawsuit from Zuckerberg due to the similar name!) or Google API.
    LOL and sad. Hope my small adventure will help someone...
    • Edited by Konstardiy Monday, October 15, 2012 11:51 AM removed unsupported BBCode
    • Marked as answer by Konstardiy Monday, October 15, 2012 1:32 PM
    Monday, October 15, 2012 11:50 AM

All replies

  • What kind of scopes do you have? How are you getting user consent for the first time? If you have wl.offline_access then you can skip step #5. Your first user consent response would contain a RefreshToken, use that to exchange for a new AccessToken.


    Regards, Adarsha

    Monday, October 15, 2012 5:05 AM
  • Thanks for the reply. I am getting this error when trying to get the access token at server-side, using the authorization token LiveConnect provided me as part of the flow.

    Since I need the wl.offline_access scope, I have to use such a flow. The other scopes I ask for (and was able to consent to from my personal account in the popup window) are wl.basic, wl.emails and wl.birthday. I am getting this status code 400 as a WebException in my server-side code.

    var request = WebRequest.CreateHttp("https://login.live.com/oauth20_token.srf");
    var rawString = string.Format("client_id={0}&redirect_uri={1}&client_secret={2}&code={3}&grant_type=authorization_code",
        Uri.EscapeDataString(lc.ClientID),
        Uri.EscapeDataString(context.HttpContext.Request.Url.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path | UriComponents.KeepDelimiter, UriFormat.Unescaped)),
        Uri.EscapeDataString(lc.ClientSecret),
        Uri.EscapeDataString(code),
        Uri.EscapeDataString(state));

    request.UseDefaultCredentials = false;
    request.Method = "POST";
    request.ContentType = "application/x-www.form-urlencoded;charset=UTF-8";
    using(var writer = new StreamWriter(request.GetRequestStream(), Encoding.UTF8))
    {
        writer.Write(rawString);
    }
    using (var reply =  request.GetResponse())
    {
        using(var replyStream = reply.GetResponseStream())
        {
            using(var reader = new StreamReader(replyStream, string.IsNullOrWhiteSpace(reply.Headers[HttpResponseHeader.ContentEncoding]) ? Encoding.UTF8 : Encoding.GetEncoding(reply.Headers[HttpResponseHeader.ContentEncoding])))
            {
                var replyLiteral = reader.ReadToEnd();
                var obj = JObject.Parse(replyLiteral);
                return null;
            }
        }
    }
    
    Maybe I am just doing something wrong?

    Monday, October 15, 2012 10:11 AM
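
An added example (not code from this thread or from Microsoft's documentation): the step 5 request as quoted in the question, sent from C# with the Content-Type spelled as in that request and the body written as raw bytes, and with the body of a 400 reply read back, since an OAuth 2.0 token endpoint puts the reason there (RFC 6749 section 5.2, an `error` code such as `invalid_request` or `invalid_grant`). The class and method names, the callback URL and the placeholder credentials are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;

static class TokenExchangeExample // hypothetical name
{
    // Form body of the step 5 request; each value is percent-encoded on its own.
    static string BuildBody(string clientId, string redirectUri, string clientSecret, string code)
    {
        return string.Format(
            "client_id={0}&redirect_uri={1}&client_secret={2}&code={3}&grant_type=authorization_code",
            Uri.EscapeDataString(clientId), Uri.EscapeDataString(redirectUri),
            Uri.EscapeDataString(clientSecret), Uri.EscapeDataString(code));
    }

    // Sends the form and returns the reply body, including the body of an error reply.
    static string PostForm(string url, string body)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded"; // hyphens throughout
        byte[] payload = Encoding.UTF8.GetBytes(body); // no byte order mark: the body starts with client_id
        request.ContentLength = payload.Length;
        using (var stream = request.GetRequestStream())
            stream.Write(payload, 0, payload.Length);
        try
        {
            using (var response = request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
                return reader.ReadToEnd();
        }
        catch (WebException ex)
        {
            if (ex.Response == null) throw; // no HTTP reply at all (DNS, TLS, timeout)
            using (var reader = new StreamReader(ex.Response.GetResponseStream(), Encoding.UTF8))
                return reader.ReadToEnd(); // per RFC 6749, JSON with an "error" member
        }
    }
    static void Main(string[] args)
    {
        // Constructed placeholder values; pass the token endpoint URL as the only argument to send.
        string body = BuildBody("CLIENT_ID", "https://app.example/callback", "CLIENT_SECRET", "AUTHORIZATION_CODE");
        var ms = new MemoryStream();
        using (var w = new StreamWriter(ms, Encoding.UTF8)) w.Write(body); // how the question writes the body
        Console.WriteLine("StreamWriter: {0} bytes, GetBytes: {1} bytes", ms.ToArray().Length, Encoding.UTF8.GetBytes(body).Length);
        if (args.Length == 1) Console.WriteLine(PostForm(args[0], body));
    }
}
```

Log the returned `error` code rather than the request body, which carries `client_secret` and the authorization code.
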
  • Konstardiy, I can't thank you enough. I lost over 2-3 hrs on this. Binging/googling on the issue also did not help. I don't know how you got the insight to try out GET instead of POST - curious to know that. Finally Bing for 'oauth20_token.srf' got me here and to your solution. Thanks much for putting your finding out here.


    -sushil

    Monday, May 13, 2013 1:24 PM
  • I know it's been a while since this was posted but thought I'd still +1 this post. It is astonishing that MS can publish API docs like this. Perhaps they didn't think people would use these APIs in the first place! Given Satya's emphasis is on 'services' which will be consumed by apps bringing things together, this sort of lack of seriousness will only hurt his plans.
    Thursday, February 19, 2015 12:28 PM