Tags: laravel, azure, azure-active-directory, microsoft-graph-api

How to get access token from refresh token without using tenant id?


Using the URL below, I get the code.

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=appId
&redirect_uri=http://localhost:8000/auth/microsoft/callback
&response_type=code
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345

Now, I generated an access token and a refresh token via Postman with the parameters below, including the code value:

POST https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id=appId
grant_type=authorization_code
scope=https://graph.microsoft.com/.default offline_access
client_secret=client_secret
code=M.C105_BAY.2.1d853a8b-20f2-xxxx-xxxx-d37779217xxx
redirect_uri=http://localhost:8000/auth/microsoft/callback

I successfully got the access token and refresh token.

Now, I am trying to get an access token using the refresh token with the API call below:

POST https://login.microsoftonline.com/common/oauth2/v2.0/token
grant_type:refresh_token
redirect_uri:http://localhost:8000/microsoft/sso/callback
client_id=appId
client_secret=client_secret
refresh_token:M.C105_BAY.-CcIfFlVtnsRVHLnEtb0PnIZAvXWez8thRn8rQ91qZ86nMpDUw9Wt08ezOOlzR!mlDDs*ijok5X3y1YHZ*hTSpG!jgwQdXI8atQRVGWXkV8LzJFlUXvdZnxB3PZRmFZGm!eTg5Y0TPiyXOQzWEDHkkVVOzOb91KRQ!0qCW5ayM226JMju*thcINXIZbq6aoCRo!XqUGYusb90oSGqSZrfH48mBQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXSr0ga1X42RDpU6jRQmx6cYKFvC56D*XrfkFjwJN!y9fk0fm9Vt1xnmlignR!PfZujKQtXXXXXO35FNc$
scope:https://graph.microsoft.com/.default

I get the error shown in the screenshot (image not included).

Please suggest how to get the access token.


Solution

  • The error "AADSTS900144: The request body must contain the following parameter: 'grant_type'" usually occurs if you are not passing the Content-Type header properly with the request.

    When I passed the request body as form-data and added the header Content-Type:application/x-www-form-urlencoded, I too got the same error, as below:

    POST https://login.microsoftonline.com/common/oauth2/v2.0/token
    grant_type:refresh_token
    client_id=appId
    client_secret=client_secret
    refresh_token:refresh_token

    Response: (screenshot of the error response, not included)

    To resolve the error, you need to either delete the Content-Type:application/x-www-form-urlencoded header that you added manually or pass the request body in x-www-form-urlencoded form.

    In my case, I passed the request body in x-www-form-urlencoded form without removing the Content-Type header and got an access token, as below:

    POST https://login.microsoftonline.com/common/oauth2/v2.0/token
    grant_type:refresh_token
    client_id=appId
    client_secret=client_secret
    refresh_token:refresh_token

    Response: (screenshot of the token response, not included)

    If you prefer passing the request body in form-data, make sure to delete the Content-Type:application/x-www-form-urlencoded header that you manually added.
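As an added example (not from the question or the answer, and in Python rather than Laravel or Postman): building the refresh_token request so the Content-Type header and the body encoding always agree, and a simplified model of the endpoint's parsing that shows why a multipart body sent under a urlencoded header yields no grant_type field, which is the AADSTS900144 error quoted in the answer. The multipart body and the sample token values are constructed; only refresh_access_token touches the network.

```python
import json
import urllib.request
from urllib.parse import urlencode, parse_qs

TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
FORM_TYPE = "application/x-www-form-urlencoded"


def build_refresh_request(client_id, client_secret, refresh_token,
                          scope="https://graph.microsoft.com/.default"):
    """Return (headers, body) for the refresh_token grant.

    urlencode percent-encodes the body, so the header and the body encoding
    match and characters such as '!', '*' and '$' in the token are escaped.
    """
    form = {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,  # never log this value
        "refresh_token": refresh_token,
        "scope": scope,
    }
    return {"Content-Type": FORM_TYPE}, urlencode(form).encode()


def multipart_body(fields, boundary="XXXBOUNDARY"):
    """Constructed multipart/form-data body, the shape Postman's form-data mode sends."""
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
             for k, v in fields.items()]
    return ("".join(parts) + f"--{boundary}--\r\n").encode()


def fields_under_urlencoded_header(body):
    """Simplified model of the endpoint: told the body is urlencoded, it parses
    it as key=value pairs. A multipart body parsed this way has no grant_type,
    hence the AADSTS900144 'must contain ... grant_type' error."""
    return {k: v[0] for k, v in parse_qs(body.decode()).items()}


def refresh_access_token(client_id, client_secret, refresh_token):
    """Perform the grant against the live endpoint (network call; not run by tests)."""
    headers, body = build_refresh_request(client_id, client_secret, refresh_token)
    req = urllib.request.Request(TOKEN_ENDPOINT, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)
```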