Token Endpoint Returning HTML

AdamHiatt-6223 21 Reputation points

I am trying to get a bearer token from the{tenant}/oauth2/v2.0/token endpoint. This works fine in postman, but when I try to run it from my node js app, it returns the Sign In html page instead of the bearer token. See code below for implementation:

const tokenUrl = '<tenant>/oauth2/v2.0/token';  
const clientId = '<id>';  
const clientSecret = '<secret>';  
const form = FormData();  
form.append('client_id', clientId);  
form.append('scope', '');  
form.append('grant_type', 'client_credentials');  
const getToken = () => {  
  axios.get(tokenUrl, form, {  
    headers: {  
      'Content-Type': 'application/x-www-form-urlencoded',  
      'Host': '',  
  }).then((response) => {  
  }).catch(e => console.log(e));  

I'm sure I am missing something simple, but I am new to Graph API, thanks in advance for the help.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
9,128 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,570 questions
{count} votes

Accepted answer
  1. Zehui Yao_MSFT 5,796 Reputation points

    Hi @AdamHiatt-6223 , I found out the reason is you used the get method in the code to make the request, and getting the token needs to be requested using the post method. Below is my code running axios in my local node environment, and if I change the post method to the get method, it does return the content in html format. Hope this helps. Best Wishes.

    const APP_ID = '{ clientId }';  
    const APP_SECERET = '{ clientSecret }';  
    const TOKEN_ENDPOINT ='{ tenantid }/oauth2/v2.0/token';  
    const MS_GRAPH_SCOPE = '';  
    const axios = require('axios');  
    const qs = require('qs');  
    const postData = {  
        client_id: APP_ID,  
        scope: MS_GRAPH_SCOPE,  
        client_secret: APP_SECERET,  
        grant_type: 'client_credentials'  
   ['Content-Type'] =  
      .post(TOKEN_ENDPOINT, qs.stringify(postData))  
      .then(response => {  
      .catch(error => {  



    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. AdamHiatt-6223 21 Reputation points

    Thanks so much for the help! Silly mistake on my part.

    0 comments No comments