
How to get an access token via code using Azure OAuth 2.0


The situation: I have successfully gotten the code parameter from the return URL via

https://login.microsoftonline.com/{tenant}/oauth2/authorize?client_id=XXXX-XXXX-XXXX&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2F&response_mode=query

Now I need to get an access token to get user info. I post the parameters to this URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

I tried two ways:

1.

var nvc = new NameValueCollection();
nvc.Add("grant_type", "authorization_code");
nvc.Add("client_id", "xxx-xxxx-xxxx");
nvc.Add("code", code.Value);
nvc.Add("redirect_uri", "http://localhost/");
nvc.Add("client_secret", "XXXXXXXXXXXXXX=");
nvc.Add("resource", "https://graph.microsoft.com/");
nvc.Add("scope", "email");
client.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
var response = Encoding.UTF8.GetString(client.UploadValues(url, "POST", nvc));

2.

var xx = new StringContent("grant_type=authorization_code"+
         "&client_id=xxx-xxxx-xxxx" + 
         "&code=codeXXXXXXXX" + 
         ...
         "&resource=https://graph.microsoft.com/",
         Encoding.UTF8,
         "application/x-www-form-urlencoded");

client.PostAsync(url,xx);

All of them returned an error 400, and I got an error message:

{  
   "error":"invalid_request",
   "error_description":"AADSTS90014: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 207dd940-78ff-46ba-bec0-00821c850f00\r\nCorrelation ID: 803afff4-3917-4030-a19b-b5629e1faf97\r\nTimestamp: 2017-05-19 02:51:19Z",
   "error_codes":[  
      90014
   ],
   "timestamp":"2017-05-19 02:51:19Z",
   "trace_id":"207dd940-78ff-46ba-bec0-00821c850f00",
   "correlation_id":"803afff4-3917-4030-a19b-b5629e1faf97"
}

Solution

  • Thank you guys.

    I finally followed this article and successfully got the access token, logged user info. The point to successfully getting the access token is to give the right parameters. The following block shows an example of correct parameters.

    public static string clientId = "9fb8ee69-xxxx-xxxx-xxxx-xxxxxxx";
    public static string authority = "https://login.windows.net/9c80d42c-yyyy-yyyy-yyyy-yyyyyyyyy/oauth2/authorize";
    public static string returnUri = "https://kuozuinotification.azurewebsites.net/.auth/login/aad/callback"; // << my issue was caused here
    private const string resource = "https://graph.windows.net/";
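
The answer above traces the failure to the return URI. In the authorization code grant (RFC 6749, section 4.1.3) the `redirect_uri` sent to the token endpoint must be identical to the one sent to the authorize endpoint, so the sketch below, an added example that is not code from the question or the answer, derives both requests from one constant and prints the encoded body for inspection before anything is sent. The class name, placeholder values, the `AAD_CLIENT_SECRET` variable and the v1 `/oauth2/token` path (chosen to match the v1 `/oauth2/authorize` endpoint and `resource` parameter the answer uses) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

// Added example: every name and value here is an assumption, not the poster's code.
static class AadCodeFlow
{
    // Constructed placeholders; use your own app registration's values.
    const string Tenant = "TENANT-PLACEHOLDER";
    const string ClientId = "CLIENT-ID-PLACEHOLDER";
    const string RedirectUri = "http://localhost/";   // single source of truth
    const string Resource = "https://graph.windows.net/";
    static string Base => $"https://login.microsoftonline.com/{Tenant}/oauth2";

    // Step 1: URL the browser is sent to. redirect_uri comes from RedirectUri.
    public static string AuthorizeUrl() =>
        $"{Base}/authorize?client_id={Uri.EscapeDataString(ClientId)}" +
        "&response_type=code&response_mode=query" +
        $"&redirect_uri={Uri.EscapeDataString(RedirectUri)}";

    // Step 2: form body for POST {Base}/token. It reuses the same RedirectUri,
    // so the two requests cannot drift apart (trailing slash, scheme, host).
    public static FormUrlEncodedContent TokenRequest(string code, string secret) =>
        new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["client_id"] = ClientId,
            ["code"] = code,
            ["redirect_uri"] = RedirectUri,
            ["client_secret"] = secret,
            ["resource"] = Resource,
        });

    static async Task Main()
    {
        // Dry run with constructed values only: a real body carries the
        // authorization code and client secret and should never be logged.
        var body = TokenRequest("constructed-code", "constructed-secret");
        Console.WriteLine(AuthorizeUrl());
        Console.WriteLine(body.Headers.ContentType);        // application/x-www-form-urlencoded
        Console.WriteLine(await body.ReadAsStringAsync());  // grant_type=authorization_code&...

        // Real call: read the secret from the environment, not from source.
        // var secret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET");
        // var resp = await new HttpClient().PostAsync($"{Base}/token", TokenRequest(code, secret));
    }
}
```

`FormUrlEncodedContent` sets the `Content-Type` header and percent-encodes each value itself, so neither has to be assembled by hand.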