AADSTS70000 Error When Requesting for Access Token

Question

I am trying out the API for uploading a pdf file to my onedrive personal account using python script. I followed the procedure as according to the documentation and managed to get the authorization code using the https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize endpoint.

The following is my script for requesting access token.

# onedrive credentials
onedrive_id = "example-ABCD" #application (client) ID
onedrive_secret = "example-1234" 
onedrive_scopes = ["Files.ReadWrite.All"]
redirect_uri = "https://login.live.com/oauth20_desktop.srf"
auth_code = "example-XYZ"
token_endpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token"

import requests 

def onedrive_access():
    # data for the token request
    token_data = {
        "client_id": onedrive_id,
        "redirect_uri": redirect_uri,
        "client_secret": onedrive_secret,
        "code": auth_code,
        "grant_type": "authorization_code",
    }

    result = requests.post(token_endpoint, data=token_data)

    if result.status_code == 200:
        token_response = result.json()
        access_token = token_response.get('access_token')
        refresh_token = token_response.get('refresh_token')
        print("Access Token: ", access_token)
        print("Refresh Token: ", refresh_token)
    else:
        print(f"Failed to obtain access token: {result.status_code}")
        print(result.text)

AADSTS70000 was returned.

The provided value for the code paramater is not valid.

The required request body parameters as listed in the documentation are client_id, redirect_uri, client_secret and code which I have provided in my requests. The redirect URI is the same to which I have registered in my Azure directory.

I have also read that the authorization code returned is valid for a short period only but the process of getting authorization code then pass it to get access token only took me at most 1, 2 minutes.

What could have possibly caused this error?

Answer 1

I created a Microsoft Entra ID application selecting "Personal Microsoft account users" and added permissions like below:

Generated auth-code by using below endpoint:

https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=ClientID&scope=Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All offline_access&response_type=code&redirect_uri=https://login.live.com/oauth20_desktop.srf

And got the same error as you:

The error "The provided value for the code parameter is not valid" usually occurs if you are passing wrong code value or copied extra values from the response.

To resolve the error, make sure to copy the code value like below:

• Do not copy the value from & and make sure to pass code value like highlighted.

After passing the value I am able to generate the tokens successfully:

# OneDrive credentials and token retrieval
onedrive_id = "XXX" # Application (client) ID
onedrive_secret = "Secret" 
onedrive_scopes = ["Files.ReadWrite.All"]
redirect_uri = "https://login.live.com/oauth20_desktop.srf"
auth_code = "Code"
token_endpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token"
import requests

def onedrive_access():
    token_data = {
        "client_id": onedrive_id,
        "redirect_uri": redirect_uri,
        "client_secret": onedrive_secret,
        "code": auth_code,
        "grant_type": "authorization_code",
    }
    result = requests.post(token_endpoint, data=token_data)
    if result.status_code == 200:
        token_response = result.json()
        access_token = token_response.get('access_token')
        refresh_token = token_response.get('refresh_token')
        print("Access Token: ", access_token)
        print("Refresh Token: ", refresh_token)
    else:
        print(f"Failed to obtain access token: {result.status_code}")
        print(result.text)

onedrive_access()

Reference:

Upload small files - OneDrive API - OneDrive dev center | Microsoft