I am trying to get an access token from Azure AD. For that I have performed the steps below:
1) Created an Enterprise application on Azure Active Directory
2) I am able to get the access token using Authorisation --->> 'Get New Access token'
3) Hit the 'POST' request for the https://login.microsoftonline.com/<Application ID>/oauth2/token URL
Have configured the below for the POST body:
ClientID is the ApplicationID from the application created at the 1st step
Code is also the ApplicationID from the application created at the 1st step
Not sure if I have configured it correctly
4) Using the same access code, when I try to send a request I am getting the below error response:
```
{
"error": "invalid_grant",
"error_description": "AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 60b8fb68-40d5-43da-9b7b-36de021c2900\r\nCorrelation ID: 90ed2f2c-1ac8-4044-8742-493a3fce51be\r\nTimestamp: 2019-07-03 12:42:32Z",
"error_codes": [
9002313
],
"timestamp": "2019-07-03 12:42:32Z",
"trace_id": "60b8fb68-40d5-43da-9b7b-36de021c2900",
"correlation_id": "90ed2f2c-1ac8-4044-8742-493a3fce51be"
}
```
Please let me know where I am wrong or something needs to be changed.
https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id} and verify against the private key generated by Azure AD token. For validation, developers can decode JWTs using jwt.ms and verify against "kid" claim. If it works, you know the contents were signed with the private key.
I got the same issue, and finally figured out that my problem is that the code returned after authorization in the redirect URI is actually something like www.yourredirecturl.com/?code=....&session_state=....
So copying the whole thing after ?code= simply includes the &session_state and makes the code incorrect. Hope this resolves your problem.
If I am not wrong, you are trying to get a token using the OAuth 2.0 code grant flow.
For this code flow there are two steps:
1) Get authorization code
Paste the following code either in a browser or in Postman. In Postman do it like below:
https://login.microsoftonline.com/YourTenantId.onmicrosoft.com/oauth2/authorize?client_id=YourClientId&response_type=code&redirect_uri=https://www.getpostman.com/oauth2/callback&response_mode=query&scope=offline_access%20user.read%20mail.read
Once you have got the authorization code, copy it for the next step.
2) Use the authorization code to request an access token:
Token Request Endpoint: https://login.microsoftonline.com/YourTenantId/oauth2/token
client_id:YourClientId
scope:https://graph.microsoft.com/User.ReadWrite.All
redirect_uri:https://www.getpostman.com/oauth2/callback
grant_type:authorization_code
client_secret:YourAppsSecret
code:Paste Your Code Here
Post Man Format:
Hope this will resolve your problem.
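Added example, not part of the answers above: a Python sketch of the second step that takes only the `code` value out of the redirect URL (leaving `session_state` behind) and builds the form body with the fields listed in the answer. The function names and the sample redirect URL are constructed for illustration; the placeholder tenant, client and secret values are the ones used above.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample redirect; real codes are much longer.
SAMPLE_REDIRECT = ("https://www.getpostman.com/oauth2/callback"
                   "?code=CONSTRUCTED-CODE-123&session_state=constructed-0001")


def extract_auth_code(redirect_url):
    """Return only the value of the `code` query parameter."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


def build_token_request(tenant, client_id, client_secret, code, redirect_uri, scope):
    """Return (url, form_body) for the token POST described above."""
    if code == client_id:
        raise ValueError("'code' must be the authorization code, not the application ID")
    if "&" in code or "session_state" in code:
        raise ValueError("'code' still contains other query parameters")
    url = "https://login.microsoftonline.com/%s/oauth2/token" % tenant
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": scope,
    })
    return url, body


if __name__ == "__main__":
    code = extract_auth_code(SAMPLE_REDIRECT)
    url, body = build_token_request(
        "YourTenantId", "YourClientId", "YourAppsSecret", code,
        "https://www.getpostman.com/oauth2/callback",
        "https://graph.microsoft.com/User.ReadWrite.All")
    print("POST", url)
    print("Content-Type: application/x-www-form-urlencoded")
    print(body.replace("YourAppsSecret", "***"))
```

The body is sent as `application/x-www-form-urlencoded`; the two `ValueError` checks catch the mistakes described in the question and in the earlier answer before the request is sent.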