Obtaining a token in Office 365 Oauth2 Authentication

I am implementing Oauth 2 authentication for an Office 365 account in a Java server side application. After reading the documentation, I performed the following steps:

  • I have an Office 365 subscription.
  • I created an application in Azure Active Directory, which is required to authenticate a web application using Office 365.
  • I have a client id and a secret. I am also considering all the permissions of the Azure application.
  • I am requesting an authorization code using Url:

https://login.microsoftonline.com/common/oauth2/authorize?client_id={client_id}&response_type=code&redirect_uri={redirect url}&response_mode=query

In response to this, I get the authorization code as expected:

http://localhost:8080?code={authorization code}&session_state=259479e4-84aa-42ea-91e9-9e919cc99587

Now I need to get the token along with the username (the identifier of the user from which the user is logged in), since I need a username for further processing. To do this, I use the method described here:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/

To do this, use the POST request:

POST /{tenant}/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=2d4d11a2-f814-46a7-890a-274a72a7309e
&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrqqf_ZT_p5uEAEJJ_nZ3UmphWygRNy2C3jJ239gV_DBnZ2syeg95Ki-374WHUP-i3yIhv5i-7KU2CEoPXwURQp6IVYMw-DjAOzn7C3JCu5wpngXmbZKtJdWmiBzHpcO2aICJPu1KvJrDLDP20chJBXzVYJtkfjviLNNW7l7Y3ydcHDsBRKZc3GuMQanmcghXPyoDg41g8XbwPudVh7uCmUponBQpIhbuffFP_tbV8SNzsPoFz9CLpBCZagJVXeqWoYMPe2dSsPiLO9Alf_YIe5zpi-zY4C3aLw5g9at35eZTfNd0gBRpR5ojkMIcZZ6IgAA
&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F
&resource=https%3A%2F%2Fservice.contoso.com%2F
&client_secret=p@ssw0rd

Now the problem is that when I send this POST request, I always get an error, with an error code of sometimes 400, sometimes 402, etc. I am also using Postman in Chrome to check the response to the call. It always returns an error:

{
  "error": "invalid_grant",
  "error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID. Send an interactive authorization request for this user and resource.\r\nTrace ID: b834315e-ccb3-4533-b7c9-4af7b34054b9\r\nCorrelation ID: 784f18da-5479-4b69-b939-0067abfcc460\r\nTimestamp: 2016-08-02 07:28:22Z",
  "error_codes": [
    65001
  ],
  "timestamp": "2016-08-02 07:28:22Z",
  "trace_id": "b834315e-ccb3-4533-b7c9-4af7b34054b9",
  "correlation_id": "784f18da-5479-4b69-b939-0067abfcc460"
}

(Note: I registered all applications using the administrator login.) I tried a lot to find out what is happening here. I have added several applications to Azure Active Directory, but I always get a similar answer.

.,! - 365 oauth2 . , - , .

+4
3

Office 365, https%3A%2F%2Foutlook.office.com.

Microsoft Graph, . , .

0
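The token request from the question, built in Java with every form value percent-encoded, as an added example that is not part of the original posts. The class and method names are hypothetical, all argument values are constructed placeholders, and the request is only built, never sent.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class TokenRequestExample {

    // Percent-encode each name and value, then join with '&'
    // (application/x-www-form-urlencoded). Without this, a '&' or '='
    // inside the secret or redirect URI would corrupt the body.
    static String formEncode(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    // Builds (does not send) the POST to /{tenant}/oauth2/token shown in the question.
    static HttpRequest tokenRequest(String tenant, String clientId, String clientSecret,
                                    String code, String redirectUri, String resource) {
        Map<String, String> form = new LinkedHashMap<>();
        form.put("grant_type", "authorization_code");
        form.put("client_id", clientId);
        form.put("code", code);
        form.put("redirect_uri", redirectUri); // must equal the value sent to /authorize
        form.put("resource", resource);
        form.put("client_secret", clientSecret);
        return HttpRequest.newBuilder(
                    URI.create("https://login.microsoftonline.com/" + tenant + "/oauth2/token"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formEncode(form)))
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample values. A real service reads the secret from
        // configuration or a secret store and never prints or logs it.
        Map<String, String> sample = new LinkedHashMap<>();
        sample.put("redirect_uri", "http://localhost:8080");
        sample.put("client_secret", "p@ss&w0rd=");
        System.out.println(formEncode(sample));
        HttpRequest req = tokenRequest("common", "CLIENT_ID_PLACEHOLDER", "p@ss&w0rd=",
                "CODE_PLACEHOLDER", "http://localhost:8080", "https://outlook.office.com");
        System.out.println(req.method() + " " + req.uri());
    }
}
```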

"_ " " " , " ", :

0

Here's how to get authorization using Oauth resources for Office 365 - https://graph.microsoft.io/en-us/docs/authorization/app_authorization

-1

Source: https://habr.com/ru/post/1649871/
