Azure - Active Directory Integrating Applications: Access Token Invalid
I'm following this tutorial (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications) to create an app with OAuth to add new users to Azure cloud subscriptions.
As stated in the tutorial, I've created the app, assigned permissions, and created a secret key.
What I'm doing is quite "standard", and still it's not working.
Let me show the steps:
https://login.microsoftonline.com/common/oauth2/authorize?client_id=[clientid]&response_type=code&redirect_uri=[redirect_uri]&prompt=admin_consent
After logging in I go to:
After acceptance, the service composes the "final step" in code, the authentication to retrieve the token:
    // Exchange the authorization code for a token (v1 endpoint).
    var content = new StringContent(
        "grant_type=authorization_code" +
        "&client_id=" + connectors.azure.azurehelper.id +
        "&client_secret=" + connectors.azure.azurehelper.secret +
        "&code=" + code +
        "&resource=" + connectors.azure.azurehelper.id +
        "&redirect_uri=" + Request.Url.AbsoluteUri.Split('?')[0],
        Encoding.UTF8, "application/x-www-form-urlencoded");
    var resp = await client.PostAsync("https://login.microsoftonline.com/common/oauth2/token", content);
    var text = await resp.Content.ReadAsStringAsync();
    var token = JsonConvert.DeserializeObject<connectors.office365.authresp>(text);
In token.access_token I have a "well-formed" token.
In token.scopes I have a lot of "granted permissions" like:
directory.accessasuser.all directory.read.all directory.readwrite.all group.read.all group.readwrite.all member.read.hidden user.read user.read.all user.readbasic.all
But if I try to perform the simplest operation like:
It's like I'm retrieving a valid token with no capabilities! What's wrong?
In the resource field of the "code confirmation" I put the ID of the application. Is that correct? What else can I try?
I probably found out what was going wrong: the "resource" field in the request for the token.
Now the login URL specifies that I want a token for https://graph.api.net:
    var myurl = "https://login.microsoftonline.com/common/oauth2/authorize?client_id=" + azurehelper.id +
        "&response_type=code&redirect_uri=" + baseurl + "/account/oauth&prompt=admin_consent&resource=" +
        Uri.EscapeDataString("https://graph.windows.net");
That gives me the URL:
https://login.microsoftonline.com/common/oauth2/authorize?client_id=[id]&response_type=code&redirect_uri=[url]&prompt=admin_consent&resource=https%3a%2f%2fgraph.windows.net
Then, at code verification, I request the same resource:
    // Same exchange, now asking for the same resource as the authorize request.
    var content = new StringContent(
        "grant_type=authorization_code" +
        "&client_id=" + connectors.azure.azurehelper.id +
        "&client_secret=" + connectors.azure.azurehelper.secret +
        "&code=" + code +
        "&resource=" + Uri.EscapeDataString("https://graph.windows.net") + // connectors.azure.azurehelper.id +
        "&redirect_uri=" + Request.Url.AbsoluteUri.Split('?')[0],
        Encoding.UTF8, "application/x-www-form-urlencoded");
    var resp = await client.PostAsync("https://login.microsoftonline.com/common/oauth2/token", content);
    var text = await resp.Content.ReadAsStringAsync();
    var token = JsonConvert.DeserializeObject<connectors.office365.authresp>(text);
And it works like a charm.
My specific problem was due to the fact that, in my first tests, I tried to put the request parameter without doing URL encoding.
The strange fact is that "redirect_uri" doesn't need specific encoding while "request" does.
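Added example, not part of the original post: a small C# diagnostic that builds the token request with FormUrlEncodedContent, so every value is percent-encoded rather than concatenated by hand, and reads the aud claim of a returned token to confirm which resource it was issued for. The class and method names, the sample secret, the redirect URI and the token are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;

static class TokenDiagnostics // hypothetical helper, not from the post
{
    // FormUrlEncodedContent percent-encodes every key and value in the body.
    public static FormUrlEncodedContent BuildTokenRequest(
        string clientId, string clientSecret, string code, string redirectUri, string resource) =>
        new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["code"] = code,
            ["resource"] = resource,
            ["redirect_uri"] = redirectUri,
        });

    // Diagnostic only: reads the aud claim WITHOUT verifying the signature.
    public static string ReadAudience(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using var doc = JsonDocument.Parse(json);
        return doc.RootElement.GetProperty("aud").GetString();
    }

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        const string resource = "https://graph.windows.net";
        // Constructed inputs; the secret contains characters that break a hand-built body.
        var body = BuildTokenRequest("[clientid]", "constructed+secret&=", "[code]",
            "https://app.example/account/oauth", resource);
        Console.WriteLine(body.ReadAsStringAsync().Result);

        // Constructed, unsigned token whose aud is a placeholder application id.
        var jwt = B64Url("{\"alg\":\"none\"}") + "." +
                  B64Url("{\"aud\":\"00000000-0000-0000-0000-000000000000\"}") + ".sig";
        var aud = ReadAudience(jwt);
        Console.WriteLine(aud == resource ? "aud matches resource" : "aud mismatch: " + aud);
    }
}
```

The audience check is for troubleshooting only; an API that accepts tokens must validate the signature, issuer and audience with a proper JWT library.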