Azure B2C - Not able to get the access_code & refresh_token through postman

  • Question

  • Dear All, 

    I am trying to get the access_token and refresh_token through the request below, but I am getting the error below in Postman:

    {
        "error": "invalid_grant",
        "error_description": "AADB2C90090: The provided JWE is not a valid 5 segment token.\r\nCorrelation ID: f4b8be04-9dce-4e07-a72f-7aacdd0e9cc8\r\nTimestamp: 2019-07-11 16:13:56Z\r\n"
    }

    I have double-checked the parameters entered in Postman and the code I captured after logging in.


    Selvakumar Rathinam

    Thursday, July 11, 2019 4:20 PM

Answers

  • It was solved by referring to Stack Overflow and adding the proper scope in the request.

    Thanks,

    Selva


    Selvakumar Rathinam

    Tuesday, July 30, 2019 10:24 AM

All replies

  • I see in the screenshot that you are using the wrong endpoint to get the access token. For an access token you need to use an endpoint like <tenant-name>.onmicrosoft.com/oauth2/v2.0/token?p=<policy-name> .

    The endpoint https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize? is used to request an authorization code before requesting the access token.

    Also, you are using a GET operation instead of a POST for requesting an access token. Please refer to "Request an access token in Azure Active Directory B2C" for details.
    Thursday, July 11, 2019 10:32 PM
    Moderator
  • Hey Selvakumar, 

    It looks like the JWE is being modified at some point in the B2C custom policy. See this GitHub issue: https://github.com/Microsoft/o365-moodle/issues/200

    Or, there's also an issue with Postman. Per the post: https://blogs.msdn.microsoft.com/aaddevsup/2018/05/23/using-postman-to-call-the-microsoft-graph-api-using-authorization-code-flow/

    Note: There are some issues with Postman and utilizing the "Get New Access Token" feature when the client secret has a # and +. So you will need to continue to get a new secret until it doesn't have a + or # symbol in the client secret. This issue is described in the GitHub issue: https://github.com/postmanlabs/postman-app-support/issues/4555

    That being said, can you please make sure that you aren't modifying the token or have any #s or +s in your JWE?

    Please remember to mark a response as the answer if we've answered your question. If you have any more questions, please let us know and we will follow up accordingly.

    Thursday, July 11, 2019 10:56 PM
    Moderator
  • Thanks for your response, Frank HU. The current client secret does not have + or # symbols in it.

    And I am not modifying the code/token which is received from the authorization endpoints before making this request.

    So these cannot be the reason for this issue.

    Please advise how to move forward.


    Selvakumar Rathinam

    Friday, July 12, 2019 9:00 AM
  • Hey Selvakumar, 

    Can you please see Saurabh's post above? It looks like you're using a GET call and not a POST to the token endpoint. The docs he linked, https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-access-tokens , go into this further.

    Thanks!

    Friday, July 12, 2019 5:03 PM
    Moderator
  • Hi All, 

    Through this I am getting the access_token and id_token, but I am still not able to get the refresh_token, which I would need in order to get a new access_token after the current one expires.

    I have created a scope called offline_access for the same web application and used it as part of the scope in my POST request from Postman; however, no luck, I am not getting the refresh_token.

    If anyone has come across this issue and solved it, please let me know.

    Thanks


    Selvakumar Rathinam

    Wednesday, July 17, 2019 7:48 AM
  • What is the endpoint you're using?

    Can you please provide an example request and response that you're getting? 

    Wednesday, July 17, 2019 5:55 PM
    Moderator
  • I'm following up on this. Please remember to mark one of the responses as the answer if your question has been answered. If not, please let us know if there are any more questions. Thanks
    Friday, July 26, 2019 10:45 PM
    Moderator
  • Hi, I'm having the same issue. Could you detail the steps you've taken to resolve this? 

    Thanks! 

    Sunday, August 4, 2019 6:13 PM
  • Hey Waterydan_1, if it's the same problem, it's most likely an issue with not requesting the correct scopes properly. I would suggest opening up a new thread since it's most likely not the same issue that Selvakumar was having.

    Thanks!

    Monday, August 5, 2019 5:02 PM
    Moderator
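
A pre-flight check for the points raised in this thread (POST to the token endpoint, an unmodified five-segment code, and `+` or `#` in the client secret), as an added example that is not from any poster or from Microsoft's documentation. The URL, client ID, secret and code are constructed placeholders and the function names are hypothetical; nothing is sent over the network.

```python
import re
from urllib.parse import parse_qs, urlencode

B64URL = re.compile(r"[A-Za-z0-9_-]*")  # alphabet of a compact JWE segment

# Constructed placeholders, not values from the thread.
SAMPLE_CODE = "aaaa.bbbb.cccc.dddd.eeee"
SAMPLE_SECRET = "ab+c#d"


def code_problems(code):
    """List reasons `code` is not a 5-segment compact JWE (RFC 7516)."""
    problems = []
    if code != code.strip():
        problems.append("surrounding whitespace")
    segments = code.strip().split(".")
    if len(segments) != 5:
        problems.append(f"{len(segments)} segments instead of 5")
    if not all(B64URL.fullmatch(s) for s in segments):
        problems.append("characters outside base64url")
    return problems


def build_token_request(token_url, client_id, client_secret, code, redirect_uri, scope):
    """Return (method, url, headers, body) for the code exchange; sends nothing."""
    problems = code_problems(code)
    if problems:
        raise ValueError("code would be rejected: " + "; ".join(problems))
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,  # '+' and '#' become %2B and %23
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": scope,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return "POST", token_url, headers, body


def decoded_field(body, name):
    """Value a form decoder recovers for `name` from a urlencoded body."""
    return parse_qs(body)[name][0]


if __name__ == "__main__":
    print(code_problems(SAMPLE_CODE + "&state=xyz"))  # code copied with URL tail
    print(build_token_request("https://login.example.invalid/token", "client-id",
                              SAMPLE_SECRET, SAMPLE_CODE,
                              "https://app.example.invalid/cb", "openid offline_access")[3])
```

A secret pasted into a form body without encoding is decoded with `+` turned into a space, which is why the body is built with `urlencode` rather than string concatenation.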