oauth-2.0microsoft-graph-apipostman
Authentication Token x-www-form-urlencoded body to a JSON body
I can get an authentication token using Microsoft Graph API on Postman using the Post Token api call. https://login.microsoftonline.com/{{AzuretenantID}}/oauth2/v2.0/token
However, I need to make the call in a program we have that only accepts a JSON body. I currently use a x-www-form-urlencoded body as represented in the image below.
I tried to write it as a JSON body in the "raw" body section of Postman.
{"grant_type": "client_credentials",
"client_id":"7721b276-c186-42e0-b81c-c8cf0bfc5f21",
"client_secret":"Lu48Q~5SQ8ge6O2OXvsfYJJH-ga0DdHCNsgubaea",
"scope": "https://graph.microsoft.com/.default"}
However I get the following error:
{
"error": "invalid_request",
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: c5e88698-3b60-4763-85ea-b807ec280000\r\nCorrelation ID: 0998db90-1b32-48e1-b095-7ceb3fe2ff2f\r\nTimestamp: 2023-05-01 18:37:24Z",
"error_codes": [
900144
],
"timestamp": "2023-05-01 18:37:24Z",
"trace_id": "c5e88698-3b60-4763-85ea-b807ec280000",
"correlation_id": "0998db90-1b32-48e1-b095-7ceb3fe2ff2f",
"error_uri": "https://login.microsoftonline.com/error?code=900144"
}
Solution
The Microsoft identity platform /token endpoint follows standard document and accepts only application/x-www-form-urlencoded message format.
So application/x-www-form-urlencoded is mandatory and sending JSON request bodies will result in an error.
- Error 400: invalid_scope with Postman and Google OAuth2
- Issues Adding SMTP.Send Permission to Azure Application for Office 365 SMTP
- PHP - How to get OAuth 2.0 Token
- UPS Outh Rating API return Invalid Authentication Information
- How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
- How to get Optum sandbox to authenticate with OAuth 2.0 using Java and okhttp
- Spring Boot redirection back to login page
- New Google place api using google OAuth, ask failed to refresh token
- Getting OAuth code challenge on loopback server
- How do I solve audience (aud) invalid claim error for downstream api service?
- oauth 2 parameters can only have a single value: scope
- #oauth2 security expressions on method level
- Calling spring authorization server OAuth2 REST endpoints
- Google AdWords API authorization raising AdsCommon::Errors::AuthError
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Passport - Node.js not returning Refresh Token
- AWS Cognito: Missing Scopes in Access Token with Custom UI and Device Remember Functionality for MFA
- Cross-client Google OAuth: Get auth code on iOS and access token on server
- How to generate GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET without a domain?
- Spring Gateway and OAuth
- OAuth Client Credential Flow - Refresh Tokens
- Django OAuth2 Authentication Failing in Unit Tests - 401 'invalid_client' Error
- Add OAuth authentication for HTTP request triggers
- OAuth2 implementation and user management Django
- How to enable a submit button if form fields are auto-filled by the browser using saved credentials on page load?
- AADSTS70000 Error When Requesting for Access Token
- Is storing an OAuth token in cookies bad practice?
- Spring OAuth2 client performs Back-Channel Logout with an expired ID token
- I/O error on GET request for "https://localhost/application/o/{name}/.well-known/openid-configuration": Connection refused
- Restrict Microsoft Azure App OAuth2.0 to Internal Users