azure - Active Directory Integrating Applications: Access Token Invalid


I'm following the tutorial (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications) to create an app with OAuth to add new users to Azure cloud subscriptions.

As stated in the tutorial, I've created the app, assigned the permissions, and created a secret key.

What I'm doing is quite "standard", but still it's not working.

Let me show the steps:

    https://login.microsoftonline.com/common/oauth2/authorize?client_id=[clientid]&response_type=code&redirect_uri=[redirect_uri]&prompt=admin_consent

After logging in I go to:

(screenshot: permission request)

After acceptance, the service composes the "final step" in code to authenticate and retrieve the token:

    using System.Net.Http;
    using System.Text;
    using Newtonsoft.Json;

    // Redeem the authorization code for an access token.
    // "resource" is set to the application's own id here; this is the
    // request that produced the token without usable permissions.
    var content = new StringContent(
        "grant_type=authorization_code" +
        "&client_id=" + Connectors.Azure.AzureHelper.Id +
        "&client_secret=" + Connectors.Azure.AzureHelper.Secret +
        "&code=" + code +
        "&resource=" + Connectors.Azure.AzureHelper.Id +
        "&redirect_uri=" + Request.Url.AbsoluteUri.Split('?')[0],
        Encoding.UTF8, "application/x-www-form-urlencoded");

    var resp = await client.PostAsync("https://login.microsoftonline.com/common/oauth2/token", content);
    var text = await resp.Content.ReadAsStringAsync();

    var token = JsonConvert.DeserializeObject<Connectors.Office365.AuthResp>(text);

In token.access_token I have a "well-formed" token.

In token.scopes I have a lot of "granted permissions" like:

    directory.accessasuser.all directory.read.all directory.readwrite.all group.read.all group.readwrite.all member.read.hidden user.read user.read.all user.readbasic.all

But if I try to perform the simplest operation like:

(screenshot: error on users)

It's as if I'm retrieving a valid token with no capabilities! What's wrong?

In the resource field of the "code confirmation" I put the id of the application. Is that correct? What else can I try?

I probably found out what was going wrong. It's the "resource" field in the request for the token.

Now the login URL specifies that I want a token for https://graph.api.net:

    var myUrl = "https://login.microsoftonline.com/common/oauth2/authorize?client_id=" + AzureHelper.Id + "&response_type=code&redirect_uri=" + baseUrl + "/account/oauth&prompt=admin_consent&resource=" + Uri.EscapeDataString("https://graph.windows.net");

That gives me the URL:

    https://login.microsoftonline.com/common/oauth2/authorize?client_id=[id]&response_type=code&redirect_uri=[url]&prompt=admin_consent&resource=https%3a%2f%2fgraph.windows.net

Then, at the code verification, I request the same resource:

    using System.Net.Http;
    using System.Text;
    using Newtonsoft.Json;

    // Redeem the authorization code, this time asking for a token
    // for the same resource that was named in the authorize URL.
    var content = new StringContent(
        "grant_type=authorization_code" +
        "&client_id=" + Connectors.Azure.AzureHelper.Id +
        "&client_secret=" + Connectors.Azure.AzureHelper.Secret +
        "&code=" + code +
        "&resource=" + Uri.EscapeDataString("https://graph.windows.net") + // Connectors.Azure.AzureHelper.Id +
        "&redirect_uri=" + Request.Url.AbsoluteUri.Split('?')[0],
        Encoding.UTF8, "application/x-www-form-urlencoded");

    var resp = await client.PostAsync("https://login.microsoftonline.com/common/oauth2/token", content);
    var text = await resp.Content.ReadAsStringAsync();

    var token = JsonConvert.DeserializeObject<Connectors.Office365.AuthResp>(text);

And it works like a charm.

My specific problem was due to the fact that, in the first tests, I tried to put the request parameter without doing URL encoding.

The strange fact is that "redirect_uri" doesn't need specific encoding, while "request" does.
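The following is an added example, not code from the question above or from Microsoft's documentation. It covers the two things the answer turns on: the token request is built with FormUrlEncodedContent, which percent-encodes every value (client secret, code, redirect URI and the resource URI alike) so no parameter depends on hand-built concatenation, and the returned access token's "aud" claim is read back and compared with the resource that was requested. When "resource" is set to the application's own id, as in the first attempt, the "aud" claim names the application rather than https://graph.windows.net, which is why a token can be "well-formed" and still be rejected by the directory API. The class name TokenCheck, the method names, and the placeholder constants are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class TokenCheck
{
    // Placeholder values for this example; use your own registration.
    const string Authority = "https://login.microsoftonline.com/common";
    const string Resource = "https://graph.windows.net";

    // Redeem an authorization code for an access token scoped to Resource.
    public static async Task<string> RedeemCodeAsync(
        HttpClient client, string clientId, string clientSecret,
        string code, string redirectUri)
    {
        // FormUrlEncodedContent encodes each key and value itself, so the
        // secret, the code and the resource URI all arrive intact.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["code"] = code,
            ["resource"] = Resource,
            ["redirect_uri"] = redirectUri,
        });

        using var resp = await client.PostAsync(Authority + "/oauth2/token", form);
        var body = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode)
            throw new InvalidOperationException(
                $"token endpoint returned {(int)resp.StatusCode}: {body}");

        using var doc = JsonDocument.Parse(body);
        return doc.RootElement.GetProperty("access_token").GetString();
    }

    // Read the "aud" claim from the JWT payload. No signature check is done
    // here: this is a client-side diagnostic, the resource server validates
    // the signature when it receives the token.
    public static string GetAudience(string accessToken)
    {
        var parts = accessToken.Split('.');
        if (parts.Length != 3)
            throw new FormatException("access token is not a compact JWT");

        // Base64url to standard Base64, with padding restored.
        var payload = parts[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');

        var json = Encoding.UTF8.GetString(Convert.FromBase64String(payload));
        using var doc = JsonDocument.Parse(json);
        return doc.RootElement.GetProperty("aud").GetString();
    }

    // The v1 endpoint issues "aud" with a trailing slash for this resource,
    // so compare without it. Returns false for a token issued for the app
    // itself, the symptom described in the question.
    public static bool IsTokenForResource(string accessToken, string resource) =>
        string.Equals(GetAudience(accessToken).TrimEnd('/'),
                      resource.TrimEnd('/'),
                      StringComparison.OrdinalIgnoreCase);
}
```

A caller would redeem the code with RedeemCodeAsync and then check IsTokenForResource(token, "https://graph.windows.net") before calling the directory API; a false result at that point pins the problem on the "resource" parameter rather than on the granted permissions, which is where the original investigation started.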

