
Microsoft Graph REST API invalid client secret

I have the following POST call I need to make. However, even if I provided the right client id and secret id, my call is getting rejected.

    curl POST https://login.microsoftonline.com/f02....e3/oauth2/token \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      --data 'grant_type=authorization_code&redirect_uri=https://requestb.in/ac&source=https://graph.microsoft.com&client_id=1e1....-913d9&client_secret=YmbSFYz.....4Uk=&scope=mail.read&code=AaAAA........on0a569'

This is the error I receive:

    curl: (6) Could not resolve host: POST
    {"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 78d...a2b\r\nCorrelation ID: 01....ab2\r\nTimestamp: 2016-12-14 01:46:47Z","error_codes":[70002,50012],"timestamp":"2016-12-14 01:46:47Z","trace_id":"78d....a2b","correlation_id":"018.....ab2"}

How could I resolve this?

EDIT: I am trying to achieve the second section (i.e. getting a token) in this documentation

WowBow asked Dec 14 '16 01:12


2 Answers

The post you provided is leveraging the AAD V2 endpoint. But according to your code snippet, you were using the V1 endpoint https://login.microsoftonline.com/f02....e3/oauth2/token. To acquire an access token via the V1 endpoint, you can refer to https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more details.

For the V2 authorization endpoint, you may check out the endpoints you are using:

GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?...

POST https://login.microsoftonline.com/common/oauth2/v2.0/token

A v2.0 AD application is also required:

This article assumes a v2.0 registration, so you'll register your app on the Application Registration Portal.

Gary Liu answered Sep 22 '22 14:09


It was due to client_secret. It may contain special characters.

The encodeURIComponent() function encodes a URI component. This function encodes special characters. In addition, it encodes the following characters: , / ? : @ & = + $ #

Use the below one:

    encodeURIComponent(client_secret);
Muthu Prasanth answered Sep 22 '22 14:09
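
The encoding problem described in the second answer, as an added example that is not part of the original question or answers: it builds a token request body with and without `encodeURIComponent()` and decodes each the way a form parser would, showing what secret the server ends up comparing. The secrets, client id, redirect URI and function names are constructed for illustration.

```javascript
// Added example: shows how a client_secret containing reserved characters is
// altered inside an application/x-www-form-urlencoded body unless every value
// is percent-encoded. All values here are constructed, not real credentials.

// Naive body: values concatenated as-is, like a hand-written --data string.
function buildBodyNaive(params) {
  return Object.entries(params).map(([k, v]) => `${k}=${v}`).join('&');
}

// Encoded body: each key and value passed through encodeURIComponent().
function buildBodyEncoded(params) {
  return Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
}

// Decode a body the way the receiving form parser does: split on '&',
// split on the first '=', turn '+' into a space, then percent-decode.
function secretSeenByServer(body) {
  return new URLSearchParams(body).get('client_secret');
}

// Returns the secret the server would compare in each case.
function demo(secret) {
  const params = {
    grant_type: 'authorization_code',
    client_id: 'constructed-client-id',          // placeholder
    client_secret: secret,
    redirect_uri: 'https://app.example/callback', // placeholder
  };
  return {
    naive: secretSeenByServer(buildBodyNaive(params)),
    encoded: secretSeenByServer(buildBodyEncoded(params)),
  };
}

// Constructed secrets: a base64-style one ('+', '/', '=') and one with '&'.
for (const secret of ['Ymb+SFYz/4Uk=', 'p&ss=w#rd']) {
  const { naive, encoded } = demo(secret);
  console.log(`sent:    ${secret}`);
  console.log(`naive:   ${naive}   match=${naive === secret}`);
  console.log(`encoded: ${encoded}   match=${encoded === secret}`);
}
```

With curl, passing the value as `--data-urlencode 'client_secret=...'` applies the same percent-encoding to the secret.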