Microsoft Graph Issue with Authorisation Code
I am trying to allow access to Microsoft accounts using the instructions here https://docs.microsoft.com/en-us/graph/auth-v2-user.
I have the first two steps working, the issue is occurring when I try to use the Authorisation Code that is returned after the user has granted permission to the application.
I am a bit confused because in the example above the Authorization response has an Authorization Code that looks like a GUID with an extra character at the start. From the example: M0ab92efe-b6fd-df08-87dc-2c6500a7f84d. This looks like what I am getting.
However in step three, Getting a Token, the Authorization code now looks very different. Again from the example: OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
I am guessing that this is a Base64 string of some sort but I tried simply encoding the GUID like code from the previous step but that hasn't worked.
Am I missing a step here that somehow turns the initial Authorization code into a new format?
If I use the Authorization code that I receive directly I get a 401 response when trying to get an Access Token.
Relevant code below (C# and ASP.NET Core 2.1).
Requested permissions:

    "User.Read Mail.ReadWrite"

Link to request authorisation:

    $"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={appId}" +
        $"&response_type=code" +
        $"&redirect_uri={responseUrl}" +
        $"&response_mode=query" +
        $"&scope={permissions}" +
        $"&state={userManager.GetUserId(User)}";

Action to receive authorisation response:

    [HttpGet]
    [Route("authentication/ms/receive-response/")]
    public async Task<IActionResult> ReceiveAuthResponse(string code, string state)
    {
        ApplicationUser applicationUser = await UserManager.GetApplicationUser(User);
        OfficeLinkConfiguration officeLinkConfiguration = new OfficeLinkConfiguration
        {
            ApplicationId = configuration.GetSection("OfficeLink").GetValue<string>("ApplicationId"),
            RequestedPermissions = configuration.GetSection("OfficeLink").GetValue<string>("RequestedPermissions"),
            RedirectUrl = configuration.GetSection("OfficeLink").GetValue<string>("ResponseUrl"),
            ClientSecret = configuration.GetSection("OfficeLink").GetValue<string>("Password"),
        };
        OfficeLinkProvider officeLinkProvider = new OfficeLinkProvider(officeLinkConfiguration, tokenStore);
        await officeLinkProvider.RequestAccessToken(applicationUser, code);
        return Redirect("/");
    }

Request Access Token:

    public async Task RequestAccessToken(ApplicationUser user, string authorisationCode)
    {
        string tokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
        string postBody = $"client_id={Configuration.ApplicationId}" +
            $"&scope={Configuration.RequestedPermissions}" +
            $"&code={authorisationCode}" +
            $"&redirect_uri={Configuration.RedirectUrl}" +
            "&grant_type=authorization_code" +
            $"&client_secret={Configuration.ClientSecret}";
        using (WebClient webClient = new WebClient())
        {
            webClient.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
            string result = await webClient.UploadStringTaskAsync(tokenUrl, postBody);
            TokenResponse tokenResponse = JsonConvert.DeserializeObject<TokenResponse>(result);
            HandleAuthorisationResponse(user, tokenResponse);
        }
    }

asp.net-core oauth-2.0 microsoft-graph
edited Nov 29 '18 at 6:08 – Khushali
asked Nov 29 '18 at 3:58 – ChrisW
Have you written "&grant_type=authorization_code" properly in the token request? – RakihthaRR, Nov 29 '18 at 5:35
@RakihthaRR I think so, I copied it straight from the documentation. I've got the US spelling for authorization – ChrisW, Nov 29 '18 at 6:06
1 Answer
I was able to fix this by deleting the existing Application Password (secret) and creating a new one.
answered Dec 3 '18 at 3:15 – ChrisW
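
Added example, not part of the original question or answer. The page does not say why the old secret was rejected, but the question's RequestAccessToken interpolates every value into the form body unencoded, so a secret containing `+`, `&` or `=` would not reach the token endpoint intact. The class name, method names and all sample values below are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Web;

public static class TokenRequestEncodingDemo
{
    // Same fields as the question's RequestAccessToken, but each value is
    // percent-encoded by FormUrlEncodedContent instead of interpolated raw.
    public static string BuildEncodedBody(
        string clientId, string scope, string code, string redirectUri, string clientSecret)
    {
        var content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["scope"] = scope,
            ["code"] = code,
            ["redirect_uri"] = redirectUri,
            ["grant_type"] = "authorization_code",
            ["client_secret"] = clientSecret,
        });
        return content.ReadAsStringAsync().GetAwaiter().GetResult();
    }

    // What a form parser on the receiving side recovers for client_secret.
    public static string SecretSeenByServer(string body) =>
        HttpUtility.ParseQueryString(body)["client_secret"];

    public static void Main()
    {
        // Constructed sample values; none of them is a real credential.
        string clientId = "00000000-0000-0000-0000-000000000000";
        string scope = "User.Read Mail.ReadWrite";
        string code = "M0ab92efe-b6fd-df08-87dc-2c6500a7f84d"; // docs example quoted in the question
        string redirectUri = "https://localhost:5001/authentication/ms/receive-response/";
        string secret = "abc+def&ghi=jkl"; // contains characters reserved in form bodies

        // Raw interpolation, following the pattern used in the question.
        string rawBody = $"client_id={clientId}&scope={scope}&code={code}" +
                         $"&redirect_uri={redirectUri}&grant_type=authorization_code" +
                         $"&client_secret={secret}";

        string encodedBody = BuildEncodedBody(clientId, scope, code, redirectUri, secret);

        // Raw: '+' is decoded as a space and '&' ends the value early.
        Console.WriteLine($"raw body     -> client_secret = \"{SecretSeenByServer(rawBody)}\"");
        // Encoded: the parser recovers the secret byte for byte.
        Console.WriteLine($"encoded body -> client_secret = \"{SecretSeenByServer(encodedBody)}\"");
        Console.WriteLine($"encoded secret intact: {SecretSeenByServer(encodedBody) == secret}");
    }
}
```

In the question's code the equivalent change is to pass each value through `Uri.EscapeDataString` before interpolating it, or to post a `FormUrlEncodedContent` with `HttpClient` instead of building the string by hand.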