
Malformed error while generating token for outlook and then exchanging with graphapi


When I try to generate an access token for a user in Outlook and then exchange that access token for Graph API, it fails with a "malformed" error.

To generate the access token, I passed these values:


The complete error is:

    {
        "error": "invalid_grant",
        "error_description": "AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: ba68002d-e58b-4d65-9e61-6e5ca2845500\r\nCorrelation ID: 03ee058c-38cb-407d-9b88-f51b7c992464\r\nTimestamp: 2022-10-19 15:05:17Z",
        "error_codes": [
            9002313
        ],
        "timestamp": "2022-10-19 15:05:17Z",
        "trace_id": "ba68002d-e58b-4d65-9e61-6e5ca2845500",
        "correlation_id": "03ee058c-38cb-407d-9b88-f51b7c992464",
        "error_uri": "https://login.microsoftonline.com/error?code=9002313"
    }

I granted these permissions and consented to them:

What does the error mean: is the grant type wrong, or is the endpoint not valid? Or am I missing any permissions? Please help me resolve the error.


Solution

  • I tried to reproduce the same in my environment and got the same error as below:


    The error usually occurs if the code parameter value is not valid. Make sure to generate the code value by using the below endpoint:

    https://login.microsoftonline.com/TenantId/oauth2/v2.0/authorize?
    client_id=e626f30a-80ea-*********-******
    &response_type=code
    &redirect_uri=https://jwt.ms
    &response_mode=query
    &scope=user.read openid profile offline_access email mail.read
    &state=12345


    I was able to generate the access token successfully when I passed the above code value like below (the token endpoint accepts a POST with a form-encoded body, not a GET):

    POST https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    Content-Type: application/x-www-form-urlencoded

    client_id:clientid
    client_secret:clientsecret
    grant_type:authorization_code
    code:code
    scope:email Mail.Read offline_access openid profile User.Read
    redirect_uri:RedirectUri

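The two-step flow the answer describes, written out as an added example (not code from the question or the answer): build the /authorize URL, pull the one-time code out of the redirect while checking the state value, and assemble the form-encoded POST body for the /token endpoint. Tenant, client and scope values are constructed placeholders.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values; replace with your own tenant and app registration.
TENANT_ID = "TenantId"
CLIENT_ID = "e626f30a-80ea-xxxx-xxxx-xxxxxxxxxxxx"
REDIRECT_URI = "https://jwt.ms"
SCOPES = ["user.read", "openid", "profile", "offline_access", "email", "mail.read"]


def build_authorize_url(tenant, client_id, redirect_uri, scopes, state):
    """Step 1: the URL the user is sent to; Azure AD redirects back with ?code=...&state=..."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),  # scopes are space separated; urlencode escapes the spaces
        "state": state,
    }
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?" + urlencode(params)


def extract_code(redirect_url, expected_state):
    """Step 2: take the code out of the redirect; a state mismatch means the redirect is not ours."""
    query = parse_qs(urlparse(redirect_url).query)
    if "error" in query:
        raise RuntimeError(f"authorize failed: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise RuntimeError("state mismatch: discard this redirect")
    return query["code"][0]


def build_token_request(tenant, client_id, client_secret, code, redirect_uri, scopes):
    """Step 3: the token endpoint wants a POST with a form-encoded body, not query parameters."""
    body = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match exactly what was sent to /authorize
        "scope": " ".join(scopes),
    }
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return url, headers, urlencode(body)


if __name__ == "__main__":
    print(build_authorize_url(TENANT_ID, CLIENT_ID, REDIRECT_URI, SCOPES, "12345"))
```

The code value in the redirect is single use and short lived; reusing one, or sending the token request as a GET, is a common way to end up with the AADSTS9002313 response shown in the question.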