Office 365 v2 authorization code is malformed or invalid

I have the following authorization code copied from a browser for a user who has provided our application with his Office 365 email.

code=OAQABAAIAAADRNYRQ3dhRSrm-4K-adpCJ3J3UJ8GyC2qJDvNhlrUAObjph6sQ3A9waeQ5Tr-DA6WzxCdFbvadCRJw2S4a_lwA7MyelZWAPQZOlaB_X_1165CbmTXJMGioU6Cr0DhVTUzIlUv_-Svjp8DBrLVCxcDp5rJMM5mDNR0iGysuDIozWnOaPqCOl35NxPzyktrYK6D1MBptmXOPbhS-stTZXbHJr9gGE3FHzMU0XANXmTm30q4SPaoWPch-S1uFFL4xwS2oUv-lELBdcfIGh5UJBSraabGihVWUnbwBhh8eURSMRwryi7kubUcq0D27S-vIVZhtKopemQ1njAcExO58S7EgAyqbIzMxvmBXBe0X1ieVrcyHYRpt4ZAq1Z4v5HLTrYhx5fGp6AkqhV09yri3bqXaZvw5R1hKuhAbRDt_isZn_L8ZEhfwnqICGUwpDU27c6Qd1txuiOVY90a4BiAUh1M1u5gjDx8nIE88R7S915w7mUjJtCzZuTKQavve8q8UOtm9udUvBOX1f-bYslpgiIRbdSYBYlP9UrbreLS1W6OFk2NX-uqp9mabyImvvj1RUm166qV6uc9hsuhzrfErDURC17JotuQBSWYauAvb38p5B-cDbsCZafpyORlbrWsYyQcdWwUPL0aOZEQXFW-v3gDw7Xri_9hvsiHrj10NTaaozqm1QpZmMf-SHJ0yF9wBWKYgAA 

The application works without problems if we use the Microsoft Graph REST API v1, but when using version 2, the following problem occurs. It is registered with delegate permissions that provide us with read, write / send capabilities that work great with the V1 application.

For V2: authority = https://login.microsoftonline.com/common/oauth2/v2.0/token and to extract the authentication code I use the following URL:

 https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=30..7&response_type=code&scope=mail.read&redirect_uri=https://myurl:8443/controller/saveToken 

Code causing the problem:

    @Override
    public AuthenticationResult getToken(String authCode) {
        ExecutorService service = Executors.newFixedThreadPool(1);
        OfficeCredentials credentials = getCredentials();
        try {
            AuthenticationContext context =
                    new AuthenticationContext(credentials.getAuthority(), true, service);
            final Future<AuthenticationResult> resultFuture = context.acquireTokenByAuthorizationCode(
                    authCode,
                    new URI(credentials.getRedirectUri()),
                    new ClientCredential(credentials.getClientId(), credentials.getClientSecret()),
                    credentials.getResourceUrl(),
                    null);
            return resultFuture.get(); // throws exception
        } catch (URISyntaxException e) {
            logger.error(e.getMessage());
        } catch (MalformedURLException e) {
            logger.error(e.getMessage());
        } catch (Exception e) {
            logger.error(e.getMessage());
        }
        return null;
    }

Exception when resultFuture.get() is called:

 java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS70000: Transmission data parser failure: Authorization Code is malformed or invalid.\r\nTrace ID: c37b4aba-c5fb-44f3-815c-dd798072095d\r\nCorrelation ID: e190ccd2-f98a-440c-8e79-69cfcead3c04\r\nTimestamp: 2017-02-06 17:53:30Z","error":"invalid_grant"} 

I do not know what I am doing wrong, as I am trying to upgrade to v2. The redirect_uri is the same as defined in the Azure region, and these are HTTPS. I already made my local environment accept HTTPS by following this. FYI: I am using the adal4j Java library.

+1
1 answer

The adal4j library does not currently support the Azure AD v2.0 endpoint (see here). Even if we set the v2.0 endpoint, it still uses the old one.

As a workaround, you can make the HTTP request directly. Here is a sample request for your reference (see here):

    POST: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token

    client_id={clientId}&client_secret={clientSecret}&scope={scope}&code={authorizationCode}&grant_type=authorization_code&redirect_uri={redirectUri}

And if you want the adal4j library to support the Azure AD v2.0 endpoint, you can send feedback from here.

+2
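The direct token request from the answer above, written out in Java as an added example (not code from the question, the answer, or adal4j). The class name and the CLIENT_ID / CLIENT_SECRET environment variables are assumptions; the tenant, scope and redirect URI are the ones shown in the question, and the authorization code is passed as the first argument.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Scanner;
import java.util.StringJoiner;

public class V2TokenRequest { // hypothetical class name
    // Build the form body; each value is percent-encoded so the redirect URI and code survive intact.
    static String formBody(Map<String, String> params) throws Exception {
        StringJoiner body = new StringJoiner("&");
        for (Map.Entry<String, String> p : params.entrySet()) {
            body.add(p.getKey() + "=" + URLEncoder.encode(p.getValue(), "UTF-8"));
        }
        return body.toString();
    }
    // POST the parameters to the v2.0 token endpoint and return the raw JSON response.
    static String redeem(String tenant, Map<String, String> params) throws Exception {
        URL url = new URL("https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        try (OutputStream out = conn.getOutputStream()) {
            out.write(formBody(params).getBytes(StandardCharsets.UTF_8));
        }
        // Failures such as invalid_grant come back on the error stream, also as JSON.
        InputStream in = conn.getResponseCode() < 400 ? conn.getInputStream() : conn.getErrorStream();
        if (in == null) return "";
        try (Scanner s = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
            return s.hasNext() ? s.next() : "";
        }
    }
    public static void main(String[] args) throws Exception {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("client_id", System.getenv("CLIENT_ID"));         // assumed env var, must be set
        p.put("client_secret", System.getenv("CLIENT_SECRET")); // assumed env var, must be set
        p.put("scope", "mail.read");                            // same scope as the authorize request
        p.put("code", args[0]);                                 // code received on the redirect
        p.put("grant_type", "authorization_code");
        p.put("redirect_uri", "https://myurl:8443/controller/saveToken"); // must match the authorize request
        String json = redeem("common", p);
        // Print only the outcome: a success response holds tokens and should not be logged.
        System.out.println(json.contains("\"access_token\"") ? "token received" : json);
    }
}
```

The secret and the code travel in the POST body rather than the URL, which keeps them out of query-string logs.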

Source: https://habr.com/ru/post/1236273/
