ROPC flow grant sign in gives consent_required error in Postman

Question

Hello, I'm trying to setup the ROPC flow grant using this guide: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

I am aware of the security issues but this still seems to be the best OAuth 2.0 authentication mechanism to use.

I'm trying to get an access token in Postman but keep getting the AADSTS65001 error code back. Full error added as attachment.
Also added as attachment are my Postman body settings. And also my API Permissions setup for this Application. What I think is wrong is that I am not trying to use Microsoft Graph but Office 365 Exchange Online. The guide is solely written for Microsoft Graph. Could this be the problem? If so I'd like to know what API Permissions I have to use to make the ROPC flow grant work for Office 365 Exchange Online. And please describe the scope parameter as well because I have a feeling this could be wrong as well.

Could somebody help me and point out what I'm doing wrong? Thank you in advance!

Answer 1

Hi @Joey van de Burgt
1.You have to separate permission scopes with spaces instead of encoding them.

user.read openid profile offline_access

2.The ROPC flow is a silent delegated authentication flow, it cannot interactively consent to the required delegated permissions in the browser, so the administrator must consent to these permissions in advance in the portal.

By the way, the Outlook REST API supports modern OAuth 2.0 authentication, so it has nothing to do with whether you use the Outlook REST API or not.

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.