Microsoft Graph REST API invalid client secret

I have the following POST call I need to make. However, even if I provided the right client id and secret id, my call is getting rejected.
curl POST https://login.microsoftonline.com/f02....e3/oauth2/token
-H 'Content-Type: application/x-www-form-urlencoded' --data 'grant_type=authorization_code&redirect_uri=https://requestb.in/ac&
source=https://graph.microsoft.com&client_id=1e1....-913d9
&client_secret=YmbSFYz.....4Uk=&scope=mail.read&code=AaAAA........on0a569'
This is the error I receive:
curl: (6) Could not resolve host: POST
{"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 78d...a2b\r\nCorrelation ID: 01....ab2\r\nTimestamp: 2016-12-14 01:46:47Z","error_codes":[70002,50012],"timestamp":"2016-12-14 01:46:47Z","trace_id":"78d....a2b","correlation_id":"018.....ab2"}
How could I resolve this?
EDIT: I am trying to achieve the second section (i.e. getting the token) in this documentation
yes it is. If they are different, is that a problem ?
– WowBow
Dec 15 '16 at 18:31
3 Answers
3
The post you provided is leveraging the AAD V2 endpoint. But according to your code snippet, you were using the V1 endpoint https://login.microsoftonline.com/f02....e3/oauth2/token. To acquire an access token via the V1 endpoint, you can refer to https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more details.
For the V2 authorization endpoint, you may check out the endpoints you are using:
GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?...
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
It also requires a v2.0 AD application:
This article assumes a v2.0 registration, so you'll register your app on the Application Registration Portal.
Thank you for explaining this. After I tried v2.0 for authorization code first, I found the following errors: AADSTS70001: Application '1e15...53d9' is not supported for this API version.
– WowBow
Dec 15 '16 at 18:23
It means that your AD application does not support the v2.0 endpoint. For registering a v2.0 application, you can refer to docs.microsoft.com/en-us/azure/active-directory/…
– Gary Liu - MSFT
Dec 16 '16 at 1:12
As long as it can support both Office and Outlook, I can reconfigure the app to use v2.
– WowBow
Dec 16 '16 at 1:13
I am afraid that currently we cannot.
– Gary Liu - MSFT
Dec 16 '16 at 1:14
I see. So I should use v1 if we want to access both Outlook and Office features. Right?
– WowBow
Dec 16 '16 at 1:15
I am using the npm package "Microsoft Azure Active Directory Passport.js Plug-In" with the v1 tenant-specific endpoint.
I was initially receiving the same error message after successfully logging into Microsoft: "Invalid Client Secret".
I was using the "Application ID" as the Client Secret. Then I discovered that you need to go onto the "Settings" tab in the Microsoft Azure Portal and create a new "Key". It doesn't matter what you name the key. When you click the "Save" button, the value of the key will be filled in the web form. Copy this right away, since it will not be displayed again if the web page is refreshed.
This is the "Client Secret" that you need to add to your configuration.
It was due to client_secret. It may contain special characters.
The encodeURIComponent() function encodes a URI component.
This function encodes special characters. In addition, it encodes the following characters: , / ? : @ & = + $ #
Use:
encodeURIComponent(client_secret);
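Why an unencoded secret is rejected, shown as an added example that is not part of the original answer: it builds the token request body with and without encodeURIComponent() and parses each the way a form-urlencoded receiver would. All parameter values and the helper names are constructed for illustration; no real credentials are used.

```javascript
// Constructed sample values; none of these are real credentials.
const SAMPLE_PARAMS = {
  grant_type: "authorization_code",
  redirect_uri: "https://requestb.in/ac",
  client_id: "00000000-0000-0000-0000-000000000000",
  client_secret: "Ymb+SF/Yz&demo4Uk=", // contains + / & =
  code: "SAMPLE_CODE",
};

// Naive body: values pasted in as-is, like a hand-written --data string.
function buildRawBody(params) {
  return Object.entries(params).map(([k, v]) => `${k}=${v}`).join("&");
}

// Correct body: every name and value percent-encoded before joining.
function buildEncodedBody(params) {
  return Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
}

// What an application/x-www-form-urlencoded parser recovers for one field.
function receivedValue(body, name) {
  return new URLSearchParams(body).get(name);
}

// Distinct characters in a value that encodeURIComponent() would rewrite.
function charsNeedingEncoding(value) {
  return [...new Set(value)].filter((c) => encodeURIComponent(c) !== c);
}

function demo() {
  const secret = SAMPLE_PARAMS.client_secret;
  return {
    // "+" is read as a space and "&" ends the field, so the secret is altered.
    raw: receivedValue(buildRawBody(SAMPLE_PARAMS), "client_secret"),
    // The encoded body round-trips to the exact secret.
    encoded: receivedValue(buildEncodedBody(SAMPLE_PARAMS), "client_secret"),
    risky: charsNeedingEncoding(secret),
  };
}

console.log(demo());
```

With curl, `--data-urlencode 'client_secret=...'` performs the same encoding for a single field.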
Is your redirect_uri the same as the one you entered when you registered your app?
– Oscar Siauw
Dec 14 '16 at 2:54