How to get Access Token with Bearer Authorization

Rock Hitman 46 Reputation points

I am building a client and need help getting the access token.

would like to know what needs to be passed in grant_type ? client_assertion ? Where to get these values from ? as these values are required in Authentication in providing AccessToken

POST /token HTTP/1.1 Host: :443 Timestamp: 1212669235 Date: Fri, 12 May 2016 17:21:16 GMT+0000 Content-type: application/x-www-form-urlencoded

grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&scope=profile-search&client_assertion=<JSON Web Signature (JWS)>

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 653
Date: Tue, 29 Oct 2019 14:13:29 GMT
"access_token" : "KjdsjEeRFwksjqefindikHAfDKV...",
"token_type" : "bearer"
"expires_in" : 3600

A set of technologies in the .NET Framework for building web applications and XML web services.
4,016 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
9,967 questions
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
9,956 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,216 Reputation points

    Hi @Rock Hitman • Thank you for reaching out.

    The parameters depend on what authentication flow you want to use and whether you want to acquire the access token under user context or application/client/servicePrincipal context.

    Looking at the example you have shared above, I would assume you want to acquire token under the application context, for which client_credentials flow is used. For this purpose, you need to first register an application under Azure Active Directory > App Registrations blade. Once the application is registered, copy the application (client) ID and upload the certificate under certificates and secrets blade of the application.

    Please refer to the below sample call for client_credentials flow, where client_id is the application ID of the app registered in Azure AD and Scope is the API that will be consuming the token:


    • POST

    Body: (in form-data or x-www-form-urlencoded format):

    • client_id: Application ID copied earlier
    • scope: profile-search (May vary based on the scopes exposed in the resource API)
    • client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer (Must be same)
    • client_assertion: Read about certificate credentials to learn how to register your certificate and Signed assertions for encoded assertion to be used here.
    • grant_type: client_credentials (to acquire token in application context where no human interaction is needed)

    Notice that there are no user credentials specified in the request. The token will be acquired in the Application/servicePrincipal context.

    Read more: Please refer to Microsoft identity platform and the OAuth 2.0 client credentials flow for more details and sample calls for access token requests with client secret, certificate, and federated credential.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.