13,721 questions
error getting access token
INAMALI PALASANIYA
0
Reputation points
we are trying to call outlook mail send API behalf of third-party user after they allow permission to us
so for this first we get code by api
import { PublicClientApplication } from "@azure/msal-node";
const config = {
auth: {
clientId: "8bf2efb9-d262-4092-bfbd-1a2f05789277",
redirectUri: "http://localhost:3000/setting",
clientSecret: secreatID,
authority: "https://login.microsoftonline.com/consumers", // Use the /consumers endpoint for personal Microsoft accounts
},
};
const pca = new PublicClientApplication(config);
//GET AUTH-URL-CODE
export async function getAuthUrlCode(res) {
const authCodeUrlParameters = {
scopes: ["https://graph.microsoft.com/.default"],
redirectUri: "http://localhost:3000/setting",
};
const authCodeUrl = await pca.getAuthCodeUrl(authCodeUrlParameters);
return authCodeUrl
};
will get code on redirected URL
after that will try to get accessToken by...
export async function getToken() {
const tokenRequest = {
code: code,
redirectUri: "http://localhost:3000/setting", // Must match the redirect URI configured in Azure AD app
scopes: ["https://graph.microsoft.com/.default"],
clientSecret: config.auth.clientSecret, // Include the client_secret parameter here
};
const response = await pca.acquireTokenByCode(tokenRequest);
console.log('------', response.accessToken);
return response.accessToken;
}
and will get error
{
"status": 400,
"message": "invalid_client: 70002 - [2023-10-16 09:45:07Z]: AADSTS70002: The provided request must include a 'client_secret' input parameter.\r\nTrace ID: 5854f7bd-b104-4796-995d-2fcd1af15801\r\nCorrelation ID: 59ec1fe6-9730-4b7e-a5e1-b053383639e8\r\nTimestamp: 2023-10-16 09:45:07Z - Correlation ID: 59ec1fe6-9730-4b7e-a5e1-b053383639e8 - Trace ID: 5854f7bd-b104-4796-995d-2fcd1af15801",
"result": {}
}
please help me out
Microsoft Security Microsoft Graph
Microsoft Security Microsoft Entra Other
2,588 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator2023-10-16T23:37:13.9+00:00 Have you tried checking for Exchange under Request API Permissions > Supported legacy APIs and ensuring that "Delegated" and "Application" permissions are both there as described here?
As a workaround, you can use Microsoft Graph if you are receiving this error only using the Outlook API.
-
CarlZhao-MSFT 46,371 Reputation points2023-10-17T07:17:49.6466667+00:00 Public client apps do not support client secret, you should use secret apps (i.e. web apps) for auth code flow.
-
INAMALI PALASANIYA 0 Reputation points
2023-10-18T05:21:59.1766667+00:00 have you any sample code or link for nodejs? by using library @azure/msal-node
- to get auth url
- to get refresh & access token by Code received by auth url
- to get access token by refresh token
- sending email on behalf of users who gave us permission to do this by access token
-
INAMALI PALASANIYA 0 Reputation points
2023-10-18T16:19:23.5+00:00 @CarlZhao-MSFT if we go as per your's gettting error,please suggest to resolve it,i think its related to our account registered with microsoft
{ "status": 400, "message": "invalid_grant: 70000121 - [2023-10-18 16:11:48Z]: AADSTS70000121: The passed grant is from a personal Microsoft account and is required to be sent to the /consumers or /common endpoint.\r\nTrace ID: 6388a766-1f47-4c5f-a144-ca5e20d22100\r\nCorrelation ID: 1e27492a-c73d-46da-9f73-a54e0857b357\r\nTimestamp: 2023-10-18 16:11:48Z - Correlation ID: 1e27492a-c73d-46da-9f73-a54e0857b357 - Trace ID: 6388a766-1f47-4c5f-a144-ca5e20d22100", "result": {} } import { PublicClientApplication, ConfidentialClientApplication } from "@azure/msal-node"; const msalConfig = { auth: { clientId, authority: "https://login.microsoftonline.com/TENANT", clientSecret, }, system: { loggerOptions: { loggerCallback(loglevel, message, containsPii) { console.log(message); }, piiLoggingEnabled: false, logLevel: "Info", } } } const cca = new ConfidentialClientApplication(msalConfig); const tokenRequest = { code: authCode, scopes: ["User.Read"], redirectUri: 'http://localhost:3000/setting/zoho', };
-
CarlZhao-MSFT 46,371 Reputation points
2023-10-19T06:43:59.15+00:00 Are you logging into the app using personal account? Try changing
/tenant idto/common.authority: "https://login.microsoftonline.com/common",
Sign in to comment
1 answer
Sort by: Most helpful
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more