Building a post/get with authentication substituting /me/

Norm Kelson 116 Reputation points
2020-06-24T00:59:54.88+00:00

I understand how to used the get and post for the specific requests.

I'm having difficulties building the authentication and token post commands. I access using a series of posts or gets.

Trying to get authorization code to start process. Ultimately I want to send email through office 365.

The following command was issued:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=93944f9b-ef15-408c-bbf5-281d9e688345 &response_type=code &redirect_uri=https://login.microsoftonline.com/common
&response_mode=query &scope=offline_access%20user.read%20mail.read &state=12345

The error response is attached.

I might be missing the application code but don’t know where to put it.

this results in a missing app id

I then want to get the token, to then issue a get or post.

I've tried using the explorer but can't seem to substitute /me/

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,445 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Saurabh Sharma 23,786 Reputation points Microsoft Employee
    2020-06-25T00:11:07.597+00:00

    @NormKelson-5136 In order to access Microsoft Graph you do not specifically need to call the authorize endpoint. You need to access the authorize endpoint (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize) if you are using Authorization code grant flow which captures the authorization code.
    You need to passed authorization code as "Code" to get required access token. So, you need to pass the below values in your request body for retrieving an access token:

    Your request URL: https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token
    client_id : Your APP ID
    client_secret: Your App Secret
    redirect_uri: Redirect URI you have configured during the application registration. For native application it should be https://login.microsoftonline.com/common/oauth2/nativeclient
    grant_type: authorization_code
    scope: openid profile offline_access User.Read Mail.Read
    code: Authorization code you have received

    Here scope is a list of Microsoft Graph permissions that you want user to consent to and you can modify this. You can also use https://graph.microsoft.com/.default as scope for default scope.
    Please refer to get more details.

    If you are using a Client Credentials flow then your application gets the required access token directly from the token endpoint https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token to call Microsoft Graph API endpoint.
    Please refer to the documentation for details.

    You can also use the tools like Microsoft Graph Explorer and Postman to try out few Graph requests. Please refer to Use Postman with the Microsoft Graph API to get started.

    0 comments No comments

  2. Norm Kelson 116 Reputation points
    2020-06-25T16:00:00.13+00:00

    Thanks for your quick response. I made the changes as you suggested.

    I'm doing fine with the authorization. The authorization code that I receive from the authorize is used for the "code" for the token request. Yet, the result for the token request is blank.

    Here is the request (I will regenerate a new secret code):

    https://login.microsoftonline.com/4e54a1c8-d98b-4f9b-8de9-bad93ae00fba/oauth2/v2.0/token
    client_id=c2c71ba0-4682-424b-a847-dba1d0840790 &client_secret = KE~v_Vs~X8kNJqrB-w33XBOD9a.tMzhdpd &redirect_url=https://login.microsoftonline.com/common/oauth2/nativeclient &grant_type=authorization_code &scope=openid profile offline_access User.Read Mail.Read &code=51483342-085c-4d86-bf88-cf50c7252078

    I'm initiating the post from a development software package which I generated. I submit the request from an internal call defined as http_post_page2 where i send the url as one variable and the entire body as the second variable. The authorize goes thru but not the token.

    0 comments No comments

  3. Saurabh Sharma 23,786 Reputation points Microsoft Employee
    2020-06-25T23:30:54.233+00:00

    @NormKelson-5136 No, authorization code is not correct. You must not be getting the correct authorization code. In order to get the authorization code you need to pass the
    You need to pass the below parameters for retrieving authorization code:

    client_id=c2c71ba0-4682-424b-a847-dba1d0840790
    response_type = code
    redirect_uri = https://login.microsoftonline.com/common/oauth2/nativeclient
    response_mode = query
    scope = openid offline_access Mail.read
    state = some dummy number e.g. 12345

    Your authorization endpoint should look like the below -
    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?client_id=c2c71ba0-4682-424b-a847-dba1d0840790&response_type=code&redirect_uri=http%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&response_mode=query&scope=openid%20offline_access%20mail.read&state=12345

    I suggest you to please look into this document to get authorization code using browser like below.
    10762-microsoft-edge-auth-code.png

    Then you can use the code like below to get access tokens. Here is an example using Postman to get the same -
    10771-postman-auth-grant.png

    Are you trying to implement authorization in your application and what is the language you are using to create your application ?
    I will suggest you to use MSAL (Microsoft Authentication Library) in your code to acquire token and renewal. MSAL will take care of acquiring authorization code and token with ease. Here is document you can refer to for creating native windows application. You can also refer to the documentation to know about supported platforms and frameworks.

    0 comments No comments

  4. Norm Kelson 116 Reputation points
    2020-06-28T16:48:04.437+00:00

    I built my application using Alpha Software’s AlhaAnywhere which is a development platform. Much of the coding is an xbasic. This limits me to either a get or post.

    As you suggested, I Installed Postman and am including the request and response. I appear to be getting a valid response from authorize but in getting the 404 error when I use the token. I copied your suggested content to each get/post:

    AUTHORIZE GET
    https://login.microsoftonline.com/4e54a1c8-d98b-4f9b-8de9-bad93ae00fba/oauth2/v2.0/authorize?client_id=c2c71ba0-4682-424b-a847-dba1d0840790&response_type=code&redirect_url=https://login.microsoftonline.com/common/oauth2/nativeclient&response_mode=query&scope=openid offline_access Mail.read&state=1234

    AUTHORIZE RESPONSE
    KEY
    VALUE
    Cache-Control
    no-cache, no-store
    Pragma
    no-cache
    Content-Type
    text/html; charset=utf-8
    Content-Encoding
    gzip
    Expires
    -1
    Vary
    Accept-Encoding
    Strict-Transport-Security
    max-age=31536000; includeSubDomains
    X-Content-Type-Options
    nosniff
    X-Frame-Options
    DENY
    Link
    <https://aadcdn.msauth.net>; rel=preconnect; crossorigin
    Link
    <https://aadcdn.msauth.net>; rel=dns-prefetch
    Link
    <https://aadcdn.msftauth.net>; rel=dns-prefetch
    X-DNS-Prefetch-Control
    on
    x-ms-request-id
    d45f8655-6925-41e7-a0e8-94e3b9a08801 -< returned successfully
    x-ms-ests-server
    2.1.10732.8 - CHI ProdSlices
    P3P
    CP="DSP CUR OTPi IND OTRi ONL FIN"
    Set-Cookie
    buid=AQABAAEAAAAGV_bv21oQQ4ROqh0_1-tAFew-sAZWekjvkAKJB3GlvmDtkTl_A_K7LZB9LtbscRvLg1mL4t9pEmmJUtRoA5FrjqJmglZH-SoLQcX2EH__IFpDD9zG8RbG-3rb7jlAv_QgAA; expires=Tue, 28-Jul-2020 16:32:22 GMT; path=/; secure; HttpOnly; SameSite=None
    Set-Cookie
    fpc=AuusdQTkD0VBgpYottXjklgupWyXAQAAAEi8itYOAAAA; expires=Tue, 28-Jul-2020 16:32:22 GMT; path=/; secure; HttpOnly; SameSite=None
    Set-Cookie
    x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly
    Set-Cookie
    stsservicecookie=ests; path=/; secure; HttpOnly; SameSite=None
    Date
    Sun, 28 Jun 2020 16:32:21 GMT
    Content-Length
    44825
    Bootcamp
    TOKEN REQUEST
    https://login.microsoftonline.com/4e54a1c8-d98b-4f9b-8de9-bad93ae00fba/oauth2/v2.0/token HTTP/1.1 application/x-www-form-urlencoded ?client_id=c2c71ba0-4682-424b-a847-dba1d0840790&scope=openid profile offline_access User:Read Mail.Read
    &redirect_url=https://login.microsoftonline.com/common/oauth2/nativeclient&grant_type=authorization_code&code=d45f8655-6925-41e7-a0e8-94e3b9a08801 -> USED CODE FROM ABOVE IMMEDIATELY

    TOKEN RESPONSE
    Status: 404 Not Found

    HEADERS:
    KEY
    VALUE
    Cache-Control
    private
    Strict-Transport-Security
    max-age=31536000; includeSubDomains
    X-Content-Type-Options
    nosniff
    x-ms-request-id
    06c8da7a-d691-4718-9f4c-4f92c73fb901 DON’T MATCH
    x-ms-ests-server
    2.1.10732.8 - CHI ProdSlices
    P3P
    CP="DSP CUR OTPi IND OTRi ONL FIN"
    Set-Cookie
    x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly
    Date
    Sun, 28 Jun 2020 16:24:30 GMT
    Content-Length
    0
    Bootcamp

    Your thoughts on what I’m doing wrong.

    0 comments No comments

  5. Saurabh Sharma 23,786 Reputation points Microsoft Employee
    2020-06-30T23:49:30.767+00:00

    @NormKelson-5136 As I mentioned earlier the code you are using is not an authorization code and that is why you are not able to fetch the access token. 10996-auth-code.png

    You have to use browser to get the authorization code by accessing the authorization (/authorize) endpoint. 11073-microsoft-edge-auth-code.png

    If you want to get the token programmatically using authorization code grant flow then your application needs to be capable of opening a web browser for you to sign-in. Once logged in successfully you will get the code in returned query string. Here is an Python example to extract the code from the returned result.

    dr = webdriver.Chrome()
    # load the user login page
    dr.get(authorization_url)
    # wait until the user login or kill the process
    code_received = False
    code = ''
    while(not code_received):
    cur_url = dr.current_url
    if cur_url.startswith(user_parameters['redirect_uri']):
    parsed = [urlparse](https://docs.python.org/2/library/urlparse.html)(cur_url)
    query = [parse_qs](https://docs.python.org/3/library/urllib.parse.html)(parsed.query)
    **code = query['code'][0]** -> This is the authorization code.
    state = query['state'][0]
    # throw exception if the state does not match
    if state != str(auth_state):
    raise ValueError('state does not match')
    code_received = True
    dr.close()
    

    In your code you need to use similar approach to get the result and extract the code out of it and use that to get access token.