Search code examples
azuregooauth-2.0azure-rest-api

Authenticating to Azure in Go using REST API

I am trying to authenticate to Azure service management / graph API using golang. Using purely REST APIs. No matter what I do, I always end up with error:

{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.

Since I am not using SDK there is limited samples out there. Any help would be appreciated.

package main

import (
    "bytes"
    "encoding/json"
    "io/ioutil"
    "log"
    "net/http"
)

func main() {

    authendpoint := "https://login.microsoftonline.com/8xxxxx7-6372-4bcb-xxx-xxxxxx/oauth2/token"

    jsonData := []byte(`{
        "resource":      "https://graph.microsoft.com",
        "client_id":     "xxxxxxxx-7549-4ea2-b00d-xxxxxxxxxxx",
        "client_secret": "Q.xxxxxxxxxxxxxx-6_CgA4yOi_8sS-",
        "grant_type":    "client_credentials",
        }`)

    request, err := http.NewRequest("POST", authendpoint, bytes.NewBuffer(jsonData))
    request.Header.Set("Content-Type", "application/json")
    client := &http.Client{}
    resp, err := client.Do(request)

    if err != nil {
        log.Fatal(err)
    }
    body, err := ioutil.ReadAll(resp.Body)
    var res map[string]interface{}

    json.NewDecoder(resp.Body).Decode(&res)
    log.Println(string(body))
}
Solution

  • The Microsoft request docs posted by Praveen Premaratne show the request needs to be formatted using Content-Type: application/x-www-form-urlencoded which is a requirement for the OAuth 2.0 standard.

    Here's the Microsoft docs and example:

    https://learn.microsoft.com/en-us/graph/auth/auth-concepts#register-your-app-with-the-microsoft-identity-platform

    POST /common/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=user.read%20mail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh

    Here's how to accomplish this:

    package main

import (
    "fmt"
    "net/http"
    "net/url"
    "strings"
)

func main() {
    authendpoint := "https://login.microsoftonline.com/8xxxxx7-6372-4bcb-xxx-xxxxxx/oauth2/token"
    body := url.Values(map[string][]string{
        "resource":      {"https://graph.microsoft.com"},
        "client_id":     {"xxxxxxxx-7549-4ea2-b00d-xxxxxxxxxxx"},
        "client_secret": {"Q.xxxxxxxxxxxxxx-6_CgA4yOi_8sS-"},
        "grant_type":    {"client_credentials"}})

    request, err := http.NewRequest(
        http.MethodPost,
        authendpoint,
        strings.NewReader(body.Encode()))
    if err != nil {
        panic(err)
    }

    request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
    client := &http.Client{}
    resp, err := client.Do(request)
    if err != nil {
        panic(err)
    }
    fmt.Println(resp.StatusCode)
}