Microsoft OAuth authentication fails

Yulia Filinskikh 21 Reputation points
2022-07-01T13:27:33.293+00:00

We have an enterprise application registered in portal.azure.com, in a personal account, that is working fine.
Now we need to register a new application in a different account. We duplicated the app configuration, assigned the Authentication Type as Web and used the application redirect URI.
We successfully retrieve the authorization code but fail to acquire access and refresh tokens using the auth code flow, getting the following error:

curl --location --request POST 'https://login.live.com/oauth20_token.srf' \  
--header 'Content-Type: application/x-www-form-urlencoded' \  
--data-urlencode 'code=M.R3_SN1.2cfef4d5-0e48-3e10-5cda-aa403550da40' \  
--data-urlencode 'redirect_uri=http://localhost/provider/finish-auth' \  
--data-urlencode 'client_id=clientID' \  
--data-urlencode 'grant_type=authorization_code' \  
--data-urlencode 'client_secret=clientSecret'  

400 Bad request  
{  
    "error": "invalid_grant",  
    "error_description": "The provided value for the 'code' parameter is not valid.",  
    "correlation_id": "238fb3d0-6932-465e-a40e-5faf9c99c743"  
}  

There are no details in the error, so it is not clear what next steps we should take to investigate and fix the problem. Could someone help with what we need to check first?


Accepted answer
  1. CarlZhao-MSFT 45,186 Reputation points
    2022-07-06T10:50:23.927+00:00

    Hi @Yulia Filinskikh

    I registered an app in the tenant that allows personal account login, and then used a personal account to log in to test; it works fine for me. Please refer to my operation process:

    Create an application:
    [screenshot of the app registration: 218124-image.png]

    Get the authorization code:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?  
    client_id={client id}  
    &response_type=code  
    &redirect_uri=https://jwt.ms  
    &response_mode=query  
    &scope=User.Read offline_access  
    &state=12345  
    

    Redeem an access token and refresh token with an authorization code:
    [screenshot of the token request and response: 218162-2022-07-06-184402.png]


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
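The two steps in the accepted answer (request a code at the v2.0 authorize endpoint, then redeem it) carried through in code, as an added example that is not from the thread or from Microsoft. It builds the authorize URL with PKCE, checks `state` on the redirect, and sends the code to the token endpoint of the same authority and protocol version that issued it (`https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token`), with a `redirect_uri` that is byte-identical to the one in the authorize request; both of those are requirements the service enforces and are the first things to verify on an `invalid_grant`. The client ID, redirect URI, authorization code and the error body are constructed for the example; nothing here talks to the network.

```python
"""Authorization-code + PKCE helper for Microsoft identity platform v2.0.
Added example, not code from the original thread. Assumed values:
tenant 'common', a placeholder client_id, the thread's localhost redirect."""
import base64
import hashlib
import json
import secrets
import urllib.parse

AUTHORITY = "https://login.microsoftonline.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"      # placeholder, not a real app
REDIRECT_URI = "http://localhost/provider/finish-auth"  # must match the registration exactly


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) using the RFC 7636 S256 method."""
    if verifier is None:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(tenant, client_id, redirect_uri, scopes, state, code_challenge):
    """Step 1 of the answer: the v2.0 authorize request, plus PKCE."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?" + urllib.parse.urlencode(params)


def parse_redirect(redirect_url, expected_state):
    """Extract the code from the redirect; refuse a state mismatch (CSRF) or an error redirect."""
    q = urllib.parse.parse_qs(urllib.parse.urlparse(redirect_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this redirect is not tied to our authorize request")
    if "error" in q:
        raise ValueError(f"authorize error {q['error'][0]}: {q.get('error_description', [''])[0]}")
    return q["code"][0]


def build_token_request(tenant, client_id, code, redirect_uri, code_verifier, client_secret=None):
    """Step 2 of the answer: redeem the code at the token endpoint paired with the
    authorize endpoint above (same authority, same v2.0 path). Returns (url, headers, body)."""
    body = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,                    # single-use and short-lived; a reused code is invalid_grant
        "redirect_uri": redirect_uri,    # byte-identical to the authorize request
        "code_verifier": code_verifier,
    }
    if client_secret is not None:        # confidential (Web platform) clients only
        body["client_secret"] = client_secret
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return url, headers, urllib.parse.urlencode(body).encode()


def parse_token_response(status, body):
    """Turn the JSON reply into tokens, or raise with the error and correlation_id
    (the correlation_id is what Microsoft support needs to trace the request)."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        raise RuntimeError(
            f"{data.get('error')}: {data.get('error_description')} "
            f"(correlation_id={data.get('correlation_id')})"
        )
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),  # present only when offline_access was granted
        "expires_in": data.get("expires_in"),
    }


def demo():
    """Walk both steps with constructed inputs; returns the error text for the thread's failure."""
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    authorize_url = build_authorize_url("common", CLIENT_ID, REDIRECT_URI,
                                        ["User.Read", "offline_access"], state, challenge)
    # Constructed redirect, as the browser would deliver it after consent.
    redirect = f"{REDIRECT_URI}?code=CONSTRUCTED-EXAMPLE-CODE&state={state}"
    code = parse_redirect(redirect, state)
    token_url, headers, body = build_token_request("common", CLIENT_ID, code, REDIRECT_URI,
                                                   verifier, client_secret="read-from-env-or-vault")
    # Constructed failure body in the shape the thread shows (not a live response).
    failure = b'{"error":"invalid_grant","error_description":"The provided value for the \'code\' parameter is not valid.","correlation_id":"238fb3d0-6932-465e-a40e-5faf9c99c743"}'
    try:
        parse_token_response(400, failure)
    except RuntimeError as exc:
        return str(exc)
    return "unexpected success"


if __name__ == "__main__":
    print(demo())
```

Two practical notes: keep the client secret out of the command line (a literal in `curl --data-urlencode` is visible in shell history and process listings; read it from an environment variable or a secrets store), and when an `invalid_grant` with this description appears, check in order that the code is being redeemed at the token endpoint matching the authorize endpoint that issued it, that it has not already been used or expired, and that `redirect_uri` is identical to the one sent in the authorize request before opening a support case with the `correlation_id`.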

0 additional answers
