AzureAD Authorization Code Issue

Phyo Myanmar Kyaw 21 Reputation points
2021-03-11T06:42:07.707+00:00

Hello, currently I'm developing a Web Portal using AzureAD + Outsystems (with Microsoft Login Connector Forge).
But my 1st step is to get Code + State. So I'm trying to paste the URL in the browser first. But it seems like the return code is incorrect and cannot be used in my Forge (lib) either. Please correct me if I am wrong. Thanks all.
My ref link: https://github.com/uglide/azure-content/blob/master/articles/active-directory/active-directory-protocols-oauth-code.md

Here's my request URL:

https://login.microsoftonline.com/3bb279cb-438f-477f-9362-db56c20e9167/oauth2/authorize?
client_id=c748cb13-fe35-496b-9a9d-199bdb60e117
&response_type=code
&redirect_uri=https://phyo.outsystemscloud.com/MicrosoftLoginConnector/Callback.aspx
&response_mode=query
&state=12345

Here's the response URL:

https://phyo.outsystemscloud.com/MicrosoftLoginConnector/Callback.aspx?code=0.AAAAy3myO49Df0eTYttWwg6RZxPLSMc1_mtJmp0Zm9tg4RdwANQ.AQABAAIAAAD--DLA3VO7QrddgJg7WevrvYwT2T7rxFlhM-vrm1ESZwY_cMDqUOiG4bYQH1GRf1RpTKyBQrBWYWJ7rXIGwiOSgXHxV0ZSQ8aYT5JJCdmMbPexjPWpYLWopkNz1L2QH00E8WXHoAE0i_s4cZcfi2nPytIqzDkTuZ41jT4TSelRDP1LnAM_RmyAT_cWxe4jXdroXa11z3iNJpOMkrFkqXVaSF-xt1seAZQIKwrSlwb5sJNh3If6-DXgjtUoesrkm3KiyFawcfNEJUI0q4tsp0CHwmIJCFcjNrps6ImVOT6nHReZlVVxQ9IWp1W83VjMCsqfngzePoy-rZhwZx0SekwjBPXHGjTGrR8nuf5O2OJETs0Mo3mGLQFAoCo13x6PbWUPMJWz1NgT0na24a_mlX3WzzYwc4ashkfN92g1Jt63lcr2nJMPuPkJw4__TwndFjCizpDJkIQyUtQMGfGc31WG_-4Y3IOjMgE6AyRlD_CzE2UCNU4d3ZzH31DgWT74q_0FFLZ4y8SQ375ChdPDwQ29BNPgxMeyprY84JFM872m7zX6a1mmiTUPWIgIKrRg06CiYBYVBloen0vcp8vtwCuFcq3NcsbwR8XYeNTDGmK-oC1pBkxOp0MP7BJIIoLgeLyIMJDXPBEZGSwIzwQGNG-elToQUrIVi4BkgLvU_rObcAPqq4zWSq5SfcXC3loDX9MfLcg3QX8rXC4zAzdEfqWTassDPv64zcZ9schcfPjrlfFnCx8FxfRQz5IJnPWvIlywc9CpIOzPilXROqDBWnMPYiHihoXDS-yPDtkOR58zH3G8V7EgU6T0gc2FMUV4v4s6QKV-g_G2PV7SXu48WiloahAx--UOIoV3THEM3Ty3xiR93UTGz7sTvFxzXr3bqkWZ-K9WXNPLAixCaOzlorXJyRR2wmE_yb9cA4gzkMPTMzBsfWa8lxTGD8rD3s8sqy3eeO2mvmmjG2LVlNbQCEu73vaPE9JyojRzv1AfrrOPxRpgXu3DoBkTdMn6IlS927ZM59ZwFSRsQP3Dqzu0XI8XfYjd-_B2LZhtsEz0AkDP35ye-XaraPG552lwG-c89q2QfOzI7jRQUf1LoikA9r_3bOnI-43EQiP3tTaELHukcO7omSSXf76kf1YSX1SILKWlr7fa-OixqfGFLtju-devOGpLN42-Ed14b3vjUrbfrarnwYs1kZqeAOcgoBHc4kmQa9m3Z0qO3Aj9XVTBTR1dUkYcf64VlGP-Nw_81FSyhNcDQIk5yflIixx30adFez0vykte-Xz9N0tMA__CPI0_IAA&state=12345&session_state=b47cfd3b-9f48-460c-99ff-19b791f21a79#

Accepted answer
  1. soumi-MSFT 11,761 Reputation points Microsoft Employee
    2021-03-12T08:01:06.457+00:00

    Hello @Phyo Myanmar Kyaw, thank you for reaching out. The Authorization Code Grant flow has the following steps involved.

    1. Fetch a code from the /authorize endpoint of AAD.
    2. Once you have the code, you make a call to the /token endpoint of AAD to fetch the access-token.
    3. Once you have the access-token, that's when you send the access-token to the AAD protected resource and get yourself authorized by the resource and gain access to it.

    If you check the GitHub article, it describes the same steps in more detail: https://github.com/uglide/azure-content/blob/master/articles/active-directory/active-directory-protocols-oauth-code.md

    An AAD protected resource is only concerned with the access-token, which is in JWT format and can be decoded; an access-token contains the permissions and other claims that would be used by the AAD protected app. Hence, the code that you are trying to use directly with the AAD protected resource (Outsystems) is erroring out.

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.
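
The three steps in the accepted answer, sketched as an added example that is not part of the original thread or of the Outsystems connector: it validates `state` on the callback, builds the form body that redeems the code at the v1 `/oauth2/token` endpoint (the counterpart of the `/oauth2/authorize` URL in the question), and decodes the claims of the resulting JWT. The tenant and client IDs, redirect URI and function names are constructed placeholders, and no network request is sent.

```python
import base64
import hmac
import json
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed placeholder values (assumptions, not taken from the thread).
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://app.example.com/Callback.aspx"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/token"


def parse_callback(callback_url, expected_state):
    """Step 1 result: extract `code` from the redirect after checking `state`."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorize failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # The state must equal the value this client sent to /authorize; a
    # mismatch means the redirect does not belong to our own request.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("callback carries no code")
    return params["code"][0]


def build_token_request(code, client_secret, resource):
    """Step 2: URL and form body that redeem the code for an access token.

    The caller POSTs the body as application/x-www-form-urlencoded.
    """
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the one sent to /authorize
        "client_secret": client_secret,
        "resource": resource,
    })
    return TOKEN_URL, body


def jwt_claims(access_token):
    """Step 3 input: decode the JWT payload for inspection (no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))
```

`jwt_claims` only shows what the token carries; the protected resource is the party that verifies the signature and audience before trusting those claims.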

