v2 app model, Office365 for native apps: AADSTS65005: Dynamic scope is invalid

I have a problem with the Azure AD v2 authentication endpoint (v2 app model). Our application uses this endpoint and uses the Outlook REST APIs. I have two test accounts:

  1. a dev outlook.com account
  2. an office365 account

I have built 2 ways of logging in:

  1. Web Implicit flow
  2. Native public client (no secret)

In total 4 scenarios:

  • outlook.com with Web Implicit WORKS
  • outlook.com with Native public client WORKS
  • Office 365 with Web Implicit WORKS
  • Office 365 with Native public client FAILS

The last scenario fails and we need it to work. It uses exactly the same code as the outlook.com scenario, which works. First we let the user log in in a web control, then the user accepts the permissions, and then we get the ID token.

We then use that to get the Access token and it fails for Office 365 with AADSTS65005: Dynamic scope is invalid: application...

See request details below.

Why? Can anyone reproduce this or please help?

Regards,

Jeroen

Request: https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id=b75022be-f556-40ec-9785-c3639e65158b&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
code=CODE_REMOVED_FOR_EXAMPLE&
session_state=98fb6ce4-e219-4265-8347-cc64199895a8&
grant_type=authorization_code

Response: HTTP/1.1 400 Bad Request

{
  "error":"unauthorized_client",
  "error_description":"AADSTS65005: Dynamic scope is invalid: application 00000000-0000-0000-0000-000000000000 does not exist. Request ID: 94cd9ca3-c376-4d94-854e-bfc4f7ac3161, Timestamp: 02/26/2016 14:06:55\r\nTrace ID: 727ebe28-e7e2-4817-87fc-5f94b637c00e\r\nCorrelation ID: e4c5a448-3ba4-4de6-aaa9-df2f9c501ca5\r\nTimestamp: 2016-02-26 14:06:55Z",
  "error_codes":[65005],
  "timestamp":"2016-02-26 14:06:55Z",
  "trace_id":"727ebe28-e7e2-4817-87fc-5f94b637c00e",
  "correlation_id":"e4c5a448-3ba4-4de6-aaa9-df2f9c501ca5"
}
JeroenB asked Jan 31 '26 11:01

1 Answer

I resolved the issue. It appeared that the "scope=" parameter is also required in the request to https://login.microsoftonline.com/common/oauth2/v2.0/token. It works now. A little bit strange that for outlook.com it also works without this parameter.

JeroenB answered Feb 03 '26 11:02
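As an added example (not code from the question or answer above), the following Python builds the authorization_code token request for the v2 endpoint with the `scope` parameter the answer found to be missing, checks an encoded request body for required parameters, and parses the AADSTS error body returned when the request is rejected. The sample request body and error response are taken from the question; the scope values (`https://outlook.office.com/mail.read offline_access`) are an assumption standing in for whatever Outlook REST permissions the real application asks for, and `build_token_request`, `missing_params` and `parse_aadsts_error` are hypothetical helper names.

```python
import json
from urllib.parse import parse_qs, urlencode

TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token"

# Parameters the v2 token endpoint expects for the authorization_code grant.
# 'scope' is the one the failing request on this page left out.
REQUIRED_PARAMS = ("client_id", "redirect_uri", "code", "grant_type", "scope")

# The request body from the question, joined onto one line (no scope present).
ORIGINAL_BODY = (
    "client_id=b75022be-f556-40ec-9785-c3639e65158b&"
    "redirect_uri=urn:ietf:wg:oauth:2.0:oob&"
    "code=CODE_REMOVED_FOR_EXAMPLE&"
    "session_state=98fb6ce4-e219-4265-8347-cc64199895a8&"
    "grant_type=authorization_code"
)

# The 400 response body from the question.
SAMPLE_ERROR = json.dumps({
    "error": "unauthorized_client",
    "error_description": "AADSTS65005: Dynamic scope is invalid: application "
                         "00000000-0000-0000-0000-000000000000 does not exist.",
    "error_codes": [65005],
    "timestamp": "2016-02-26 14:06:55Z",
    "trace_id": "727ebe28-e7e2-4817-87fc-5f94b637c00e",
    "correlation_id": "e4c5a448-3ba4-4de6-aaa9-df2f9c501ca5",
})

# Assumed scopes for an Outlook REST API client; adjust to the real permissions.
ASSUMED_SCOPES = ["https://outlook.office.com/mail.read", "offline_access"]


def build_token_request(client_id, redirect_uri, code, scopes):
    """Return the URL-encoded body of an authorization_code token request.

    Scopes are space-separated, as the v2 endpoint expects, and refusing an
    empty scope list fails fast instead of producing an AADSTS65005 round trip.
    """
    if not scopes:
        raise ValueError("scope is required by the v2 token endpoint")
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "grant_type": "authorization_code",
        "scope": " ".join(scopes),
    }
    return urlencode(params)


def missing_params(body):
    """Return the required parameters absent from an encoded token request body."""
    present = parse_qs(body, keep_blank_values=True)
    return [p for p in REQUIRED_PARAMS if p not in present]


def parse_aadsts_error(response_body):
    """Extract the OAuth error, the numeric AADSTS code and the correlation ID.

    The correlation ID is what to quote when raising the failure with Microsoft
    support; the numeric code is the stable value to key diagnostics on.
    """
    data = json.loads(response_body)
    codes = data.get("error_codes", [])
    return {
        "error": data.get("error"),
        "aadsts": codes[0] if codes else None,
        "correlation_id": data.get("correlation_id"),
    }


if __name__ == "__main__":
    print("missing from original request:", missing_params(ORIGINAL_BODY))
    fixed = build_token_request(
        "b75022be-f556-40ec-9785-c3639e65158b",
        "urn:ietf:wg:oauth:2.0:oob",
        "CODE_REMOVED_FOR_EXAMPLE",
        ASSUMED_SCOPES,
    )
    print("missing from fixed request:", missing_params(fixed))
    print("parsed error:", parse_aadsts_error(SAMPLE_ERROR))
```

Running `missing_params` over the body captured in the question reports only `scope` as absent, which matches the answer's diagnosis; the same check against a body from `build_token_request` reports nothing missing.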
