I am facing an issue while trying to generate a token for OneDrive access. I have a requirement where a user can get all the files from their OneDrive using my application.
I tried the code below but I am getting an error.
{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID. Send an interactive authorization request for this user and resource.\r\nTrace ID: 33a0dd6a-6984-4c0a-8f74-6fbcd9c54301\r\nCorrelation ID: 265ca054-ab98-450c-8281-851ef6b0fdc3\r\nTimestamp: 2022-11-24 15:56:04Z","error_codes":[65001],"timestamp":"2022-11-24 15:56:04Z","trace_id":"33a0dd6a-6984-4c0a-8f74-6fbcd9c54301","correlation_id":"265ca054-ab98-450c-8281-851ef6b0fdc3","suberror":"consent_required"}
Here is the code that I am trying.

```csharp
using System.Net.Http.Headers;
using System.Text.Json;

public async Task<string> GetTokenAsync(string tenant, string clientId, string clientSecret, string username, string password)
{
    HttpResponseMessage resp;
    string token;
    using (var httpClient = new HttpClient())
    {
        httpClient.DefaultRequestHeaders.Accept.Add(
            new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"));
        var req = new HttpRequestMessage(HttpMethod.Post,
            $"https://login.microsoftonline.com/{tenant}/oauth2/token/");
        // Resource owner password credentials (grant_type=password) request
        req.Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            {"grant_type", "password"},
            {"client_id", clientId},
            {"client_secret", clientSecret},
            {"resource", "https://graph.microsoft.com/"},
            {"username", username},
            {"password", password}
        });
        resp = await httpClient.SendAsync(req);
        string content = await resp.Content.ReadAsStringAsync();
        // Deserialize<dynamic> returns a JsonElement, which has no string indexer,
        // so read the property through JsonDocument instead.
        using var jsonObj = JsonDocument.Parse(content);
        token = jsonObj.RootElement.GetProperty("access_token").GetString();
    }
    return token;
}
```
I tried to reproduce the same in my environment and got the same error as below:
The error usually occurs if you have not granted admin consent to the API permissions you have added, like below:
To resolve the error, I created the Azure AD Application and granted Admin consent to the API Permissions:
To generate the access token, I used the below parameters:
```
GET https://login.microsoftonline.com/TenantId/oauth2/token
grant_type:password
client_id:53f9d6e0-f9e8-4620-9e45-XXXXX
client_secret:Msd8Q~q~-2gb4sooQVGDIQQAI92gXXXXX
resource:https://graph.microsoft.com/
username:username
password:Password
```
I am able to generate the access token successfully as below:
If the issue still persists, try updating the settings in Azure Enterprise applications as below:
Go to Azure Active Directory -> Enterprise applications -> User settings -> Consent and permissions
Otherwise, you can grant admin consent by using the endpoint below; log in as admin and accept:
https://login.microsoftonline.com/TenantId/adminconsent?client_id=ClientID
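
The following is an added example, not code from the question or the answer: it parses the token endpoint's response, recognises the `consent_required` / 65001 failure shown in the question, and builds the admin consent URL quoted above instead of throwing on a missing `access_token`. The names `TokenResult` and `TokenResponseParser` are hypothetical, the sample JSON is constructed (shortened from the error in the question), and .NET 6 or later is assumed.

```csharp
using System;
using System.Linq;
using System.Text.Json;

// Hypothetical result type: either a token, or an error plus an optional consent URL.
public sealed record TokenResult(string? AccessToken, string? Error, string? AdminConsentUrl);

public static class TokenResponseParser
{
    // tenant and clientId are caller-supplied; the URL shape is the one given in the answer.
    public static TokenResult Parse(string body, string tenant, string clientId)
    {
        using var doc = JsonDocument.Parse(body);
        var root = doc.RootElement;

        if (root.TryGetProperty("access_token", out var tok))
            return new TokenResult(tok.GetString(), null, null);

        string error = root.TryGetProperty("error", out var e) ? e.GetString() ?? "unknown" : "unknown";

        // Consent failure: suberror "consent_required" or error code 65001 (AADSTS65001).
        bool consentRequired =
            (root.TryGetProperty("suberror", out var s) && s.GetString() == "consent_required") ||
            (root.TryGetProperty("error_codes", out var codes) &&
             codes.ValueKind == JsonValueKind.Array &&
             codes.EnumerateArray().Any(c =>
                 c.ValueKind == JsonValueKind.Number && c.TryGetInt32(out var n) && n == 65001));

        string? consentUrl = consentRequired
            ? $"https://login.microsoftonline.com/{Uri.EscapeDataString(tenant)}/adminconsent?client_id={Uri.EscapeDataString(clientId)}"
            : null;
        return new TokenResult(null, error, consentUrl);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample, shortened from the error response in the question.
        const string sample =
            "{\"error\":\"invalid_grant\",\"error_codes\":[65001],\"suberror\":\"consent_required\"}";
        var r = TokenResponseParser.Parse(sample, "TenantId", "ClientID");
        Console.WriteLine(r.AccessToken is null
            ? $"Token request failed ({r.Error}); admin consent URL: {r.AdminConsentUrl ?? "n/a"}"
            : "Token acquired");
    }
}
```

The parser only reports the error code and the consent URL; it never echoes the request parameters, so the client secret and user password stay out of logs.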