grant_type is always missing

Hugo Bohácsek 1 Reputation point

Trying to get a oauth2/v2.0/token, always results in
"AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 1d67dcb5-c8dc-4e21-9c39-52e24d7d3d00\r\nCorrelation ID: 0255a97e-3349-4566-8bc8-5ed99e9f8d66\r\nTimestamp: 2021-04-11 18:44:06Z",
, but my request has grant_type=authorization_code.

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
2,599 questions
No comments
{count} votes

4 answers

Sort by: Most helpful
  1. 2022-06-22T12:42:01.057+00:00

    Same issue. My curl:

    curl -X POST \  
      '<TenantID>/oauth2/v2.0/token' \  
      --header 'Accept: */*' \  
      --header 'Content-Type: application/x-www-form-urlencoded' \  
      --header 'Content-Length: 0' \  
      --data-urlencode 'client_id=<ClientID>' \  
      --data-urlencode 'redirect_uri=<MyRedirectURi>' \  
      --data-urlencode 'grant_type=authorization_code' \  
      --data-urlencode 'client_secret=<MyClientSecret>' \  
      --data-urlencode 'code=<MyCode>'  

    Is taken from :
    All values inside <> are get from Azure and I'm 100% sure that are correct. <MyCode> is taken from request for code.

    Curl is exec on Apache Server. And res is:

      "error": "invalid_request",  
      "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: e14bd767-2062-4175-8e89-839c9bc81900\r\nCorrelation ID: ee07635e-bd30-4049-b0b9-75cabcf8103e\r\nTimestamp: 2022-06-22 12:36:07Z",  
      "error_codes": [  
      "timestamp": "2022-06-22 12:36:07Z",  
      "trace_id": "e14bd767-2062-4175-8e89-839c9bc81900",  
      "correlation_id": "ee07635e-bd30-4049-b0b9-75cabcf8103e",  
      "error_uri": ""  
    No comments

  2. 2022-01-13T10:55:44.5+00:00

    Even though we are sending the grant_type it is throwing the error.

    No comments

  3. Bhawani Singh Bhati 1 Reputation point

    Send the grant_type parameter in body. Seems you are sending grant_type in header.

    No comments

  4. Avinandan Patra 1 Reputation point

    Try form data instead of x-www-form-urlencoded format. it should work.
    Surprisingly microsoft postman collection shared in the below link also has this wrong.

    link :

    • Sample Code curl --location --request POST
      '<TenantID>/oauth2/v2.0/token' \
      --form 'client_id=<ClientID>' \
      --form 'scope=""' \
      --form 'redirect_uri=<MyRedirectURi>' \
      --form 'grant_type=authorization_code' \
      --form 'client_secret=<MyClientSecret>' \
      --form 'code=<MyCode>'
    No comments