This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 60%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
Hi,
We have a PHP script that tries to login to
"https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token". it has worked perfectly up until 3 days ago.
Now we get this error
"AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request."
We have made no changes, i have verified that i can login with the account to office 365 and that works fine.
But when i tries to connect to our app at Azure it has stopped working.
Any ideas?
I have read most postas around with no luck yet.
Best regards
Thomas
Hi @Thomas Andersson ,
Since you've made no changes, I would verify everything is in order with the app registration. Is the logout URL set correctly and the client secret still valid? Where in the oauth flow do you get AADSTS900561? Also, have you verified sign-in works in something like Postman?
Regards,
Ryan
hi and thanks for your reply.
Postman helped me find the problem.
If our job is not used for some time then the Token expires, and our "Renew Subcription " scripts that should create a new token every day did not actually call the "Authenticate" script that creates a new token.
So when the service is not used for a certain amount of time the token gets obsolete.
So many thanks for advising me to use POstman, it gave much more clear info what was wrong.
One option to consider is creating a simple timer trigger web job or function that calls your job to obtain a refresh token. Have a look at https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/app-aad-token#refresh-an-access-token, even though it's under data bricks, the same logic applies.
Regards,
Ryan