question

displayName-7967 asked ·

can't acquire a valid access token for microsoft api through implicit flow

I want to get Outlook contacts into my Ionic/Angular web app. I'm trying to get the access token for the Microsoft API using implicit flow in order to access the user's contacts. I've tried the following so far:

Use this URL to get the access token in the URL parameter from the redirect (after user login):
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
+"client_id={CLIENT_ID_HERE}"
+"&response_type=token"
+"&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2F"
+"&scope=offline_access openid contacts.read contacts.read.shared user.read"
+"&nonce=89289"//tried both with and without this
+"&response_mode=fragment";

I get an access token in the redirect URL, but it's actually invalid, e.g.:

 EwBoA8l6BAAUO9chh8cJscQLmU%2bLSWpbnr0vmwwAASwN7zn/GFDP4wdOkrbA8xsurg0RceNlSsJiBj8uqZkK2E%2bmWTXjrj89FuiSlBcKqAe6dyuEbTOn8YBu3xApWaBKZjuP5lJZnAnWZX80Il7VtWMh2UuK/s4qxOZRYcgJEhwe8iTrPOGofm5Z3oU2o1MzGpSa6qaR1AleeKF9q0hZoV99BKLfRUOueK7LRwpnF4mGjLjTevNCUDGIo1N38FPH5bFPhSfAOVDSV%2bw7ZZO6NAS5Vo6HdgbPWC3Eml9Ix4twyzpgf7e4Q0l3oi%2b23iPtTvyNV16cEtt9jehdZ1TjSLdMj92Yc7e18Y%2bwV1SGav1qZ2Lyd/e3xNDmZz1P%2bSkDZgAACIkGgjdNZrtHOALgj5s3vZkDiURxDQzucVxbzf/p1XCG9qfCStUazMWbp9KlGkpIgHyigTVJfUVjYwht8X77wC3Oa%2btShphq2myn4C7LZp7nfpwGz4bSW0lx42SG2ADn33qu2hh4Mc%2bdJskI4pxGOUnurKnxFH0sxKpCisIIiWylPOgiOqCzH9AGyEaat91glrwzaHfKXXgzMeO88PeEjZ5Rfj0q4dxd4OTv67E8cp%2bXeYhhHerElKMi2LJmt65heTfwLOd7ErVawl9dS77nyMNp1OCow%2bvSysLuvHNCzN9gsUtMgH7a0C78t6cm1NiNsa8Yzk2yZ%2bjPiiNGgilvyv1zSMvAwYrcGjSW/yHY%2bQfn0ijEeo3Qq2tczoq/8/mx3kV50qNla5BWHltaMvwqxxQqk/ZXIJrph9qQsnPcRJcjtvXaSatMPwFoiBYLqTyezcYq6rbvLxbsiEhtE9pQMvMpmu2lzbEdnGYKtMQVjIbBJB7brzFDJ%2bmG2YdLPA9vmsqrmOJM8ZiftWRrDW9alMrml%2bcscmO1vqJuftn3uylvhnAQZP3q40CicqyEcrwSBA29%2bFQGbG/BDIHH0rtUXPsMkwKneJYluVXfMbxUlUxUJhCS79Dd4Jjrk3RX7QWj1WwEz9WlYAwyP0s/PnqPQOVodnwMaHNo%2bV2Xk1/5xi5dcU/Tt2TPJvCvHfS7p4i3%2bKlwTgn2llRMFkVFbf32BM2oaQPlSL7CPDU27IPGoW1xYSYa7ZdNjqvBGak1UNNee%2bStggI%3d



Does anyone know how to solve this?

azure-ad-graph

amanpreetsingh-msft answered ·

@displayName-7967 I don't see any problem with the request. I just updated the client_id and redirect_uri parameters in the same call that you have shared and I was able to get a valid access token with all the required scopes. Below is the call and a snip of the token that I got:

 https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=f0d5befe-xxxx-xxxx-xxxx-xxxxxxxxxxxx&response_type=token&redirect_uri=https://jwt.ms/&scope=offline_access openid contacts.read contacts.read.shared user.read&nonce=89289&response_mode=fragment

AccessToken

Are you using a federated account? I suspect that you are capturing the token issued by the federated IdP and not by Azure AD. If that is the case, please try with a cloud-only account and see if you get a valid access token.


Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.




I am running into the same issue.
I think https://jwt.ms/ does not validate the signature.
When I try to use jwt.io or validate the access_token using code, I get an 'invalid signature' error.
It is weird, because when I validate the id_token issued with the same request it works fine.

0 Votes 0 · ·
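
Added example, not part of any post in this thread: reading the implicit-flow redirect described in the question and checking what shape of token came back before handing it to a JWT signature validator, since a token that is not a three-segment JWT cannot pass one. The function names, the `state` check and the sample values are assumptions constructed for illustration.

```javascript
// Added example; function names and sample values are constructed, not from the page.
function b64urlToText(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return typeof atob === 'function' ? atob(b64) : Buffer.from(b64, 'base64').toString('binary');
}

// Read the implicit-flow response from the redirect URL fragment.
// URLSearchParams percent-decodes values: "%2b" -> "+", "%2f" -> "/", "%3d" -> "=".
function readImplicitFlowResponse(redirectUrl, expectedState) {
  const params = new URLSearchParams(new URL(redirectUrl).hash.replace(/^#/, ''));
  if (params.has('error')) {
    throw new Error(`${params.get('error')}: ${params.get('error_description')}`);
  }
  // Assumption: the app sent a random `state` with the request and kept a copy.
  if (expectedState !== undefined && params.get('state') !== expectedState) {
    throw new Error('state mismatch: response does not belong to this request');
  }
  return {
    accessToken: params.get('access_token'),
    scopes: (params.get('scope') || '').split(' ').filter(Boolean),
  };
}

// Report the token's shape without verifying anything: a JWT has three
// dot-separated base64url segments whose first two decode to JSON.
function describeToken(token) {
  const parts = token.split('.');
  if (parts.length === 3) {
    try {
      const header = JSON.parse(b64urlToText(parts[0]));
      const claims = JSON.parse(b64urlToText(parts[1]));
      return { format: 'jwt', alg: header.alg, aud: claims.aud };
    } catch (e) { /* segments are not JSON: treat as opaque */ }
  }
  return { format: 'opaque' };
}

// Constructed samples: a redirect carrying a percent-encoded opaque token,
// and an unsigned-for-real JWT whose payload is {"aud":"x"}.
const SAMPLE_OPAQUE_REDIRECT =
  'http://localhost:8100/#access_token=EwBo%2bAB%2fcd%3d&token_type=bearer&scope=User.Read%20Contacts.Read&state=s1';
const SAMPLE_JWT = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ4In0.c2ln';
```

`describeToken` only decodes; it is a triage step before signature validation, not a substitute for it.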
he-4651 answered ·

EwBoA8l6BAAUO9chh8cJscQLmU+

EwCQA8l6BAAUO9chh8cJscQLmU+

What is it?
