Unable to get access token for microsoft store service

Jacques O 0 Reputation points
2024-06-09T22:08:13.59+00:00

Hi, I am building an app for the Microsoft Store. I require the app's server to connect to the microsoft store to validate purchases.

I'm using the Microsoft.StoreServices API provided at: https://github.com/microsoft/Microsoft-Store-Services

Basically when your server starts it should query Microsoft Azure AD (Entra ID) based on your tenant id, client id and client secret (using OAuth 2.0 with client_credentials flow to the token endpoint under the hood) and issue you an access token.

Basically I do:

//Startup.cs - InitializeMicrosoftStoreServicesCachedTokenProvider(...)
var cachedTokenProvider = new MicrosoftStoreServicesCachedTokenProvider(serverMemoryCache, myTenantId, myClientId, myClientSecret);
var serviceAccessToken = cachedTokenProvider.GetServiceAccessTokenAsync().Result;

I get a 400 Bad Request exception:

Microsoft.StoreServices.StoreServicesHttpResponseException: 'Unable to acquire access token for https://onestore.microsoft.com : Bad Request'

According to https://learn.microsoft.com/en-us/windows/uwp/monetize/view-and-grant-products-from-a-servic

I have an Azure AD (Entra Id) account with an app that has "Allow public client flows" turned on. However supported account types is "Personal Microsoft accounts only".

My app's client id is entered in Microsoft Partner Center, under "Product collections and purchases".

I tried using "consumers" also as a tenant id (sometimes required with oauth when using personal Microsoft accounts), with no luck.

This is the code underlying the call:

//StoreServicesTokenProvider.cs
var requestUri = $"https://login.microsoftonline.com/{_tenantId}/oauth2/v2.0/token";
var httpRequest = new HttpRequestMessage(HttpMethod.Post, requestUri.ToString());
var requestBody = $"grant_type=client_credentials&client_id={_clientId}" +
                  $"&client_secret={encodedSecret}" +
                  $"&scope={audience}/.default";
httpRequest.Content = new StringContent(requestBody, Encoding.UTF8, "application/x-www-form-urlencoded");

Basically, I am wondering what I am doing wrong and how I may make that token request work.

Thanks

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,400 questions
.NET MAUI
.NET MAUI
A Microsoft open-source framework for building native device applications spanning mobile, tablet, and desktop.
3,231 questions
Microsoft Partner Center
Microsoft Partner Center
A Microsoft website for partners that provides access to product support, a partner community, and other partner services.
931 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,648 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Jacques O 0 Reputation points
    2024-07-05T23:34:52.23+00:00

    OK,

    First of, the http request of the post call to acquire token returns more verbose than just "bad request". One must look at the http response content. What I found is that my app in azure needed to be for both Entra ID user and Personnal Accounts as authentication method. I changed the value of "signInAudience" to "AzureADandPersonalMicrosoftAccount" using the manifest editor. Note that the tenant id not longer must be "consumers", but the actual tenant id in the http request.

    Thank you

    0 comments No comments