can't acquire a valid access token for microsoft api through implicit flow

displayName~~ 1 Reputation point
2019-12-09T14:16:22.183+00:00

I want to get outlook contacts into my ionic/angular web app. I'm trying to get the access token for microsoft api using implicit flow in order to access user's contacts. I've tried the following so far :

use this url to get access token in the url parameter from redirect (after user login)
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
+"client_id={CLIENT_ID_HERE}"
+"&response_type=token"
+"&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2F"
+"&scope=offline_access openid contacts.read contacts.read.shared user.read"
+"&nonce=89289"//tried both with and without this
+"&response_mode=fragment";

I get an access token in the redirect url, but its actually invalid, eg : 

EwBoA8l6BAAUO9chh8cJscQLmU%2bLSWpbnr0vmwwAASwN7zn/GFDP4wdOkrbA8xsurg0RceNlSsJiBj8uqZkK2E%2bmWTXjrj89FuiSlBcKqAe6dyuEbTOn8YBu3xApWaBKZjuP5lJZnAnWZX80Il7VtWMh2UuK/s4qxOZRYcgJEhwe8iTrPOGofm5Z3oU2o1MzGpSa6qaR1AleeKF9q0hZoV99BKLfRUOueK7LRwpnF4mGjLjTevNCUDGIo1N38FPH5bFPhSfAOVDSV%2bw7ZZO6NAS5Vo6HdgbPWC3Eml9Ix4twyzpgf7e4Q0l3oi%2b23iPtTvyNV16cEtt9jehdZ1TjSLdMj92Yc7e18Y%2bwV1SGav1qZ2Lyd/e3xNDmZz1P%2bSkDZgAACIkGgjdNZrtHOALgj5s3vZkDiURxDQzucVxbzf/p1XCG9qfCStUazMWbp9KlGkpIgHyigTVJfUVjYwht8X77wC3Oa%2btShphq2myn4C7LZp7nfpwGz4bSW0lx42SG2ADn33qu2hh4Mc%2bdJskI4pxGOUnurKnxFH0sxKpCisIIiWylPOgiOqCzH9AGyEaat91glrwzaHfKXXgzMeO88PeEjZ5Rfj0q4dxd4OTv67E8cp%2bXeYhhHerElKMi2LJmt65heTfwLOd7ErVawl9dS77nyMNp1OCow%2bvSysLuvHNCzN9gsUtMgH7a0C78t6cm1NiNsa8Yzk2yZ%2bjPiiNGgilvyv1zSMvAwYrcGjSW/yHY%2bQfn0ijEeo3Qq2tczoq/8/mx3kV50qNla5BWHltaMvwqxxQqk/ZXIJrph9qQsnPcRJcjtvXaSatMPwFoiBYLqTyezcYq6rbvLxbsiEhtE9pQMvMpmu2lzbEdnGYKtMQVjIbBJB7brzFDJ%2bmG2YdLPA9vmsqrmOJM8ZiftWRrDW9alMrml%2bcscmO1vqJuftn3uylvhnAQZP3q40CicqyEcrwSBA29%2bFQGbG/BDIHH0rtUXPsMkwKneJYluVXfMbxUlUxUJhCS79Dd4Jjrk3RX7QWj1WwEz9WlYAwyP0s/PnqPQOVodnwMaHNo%2bV2Xk1/5xi5dcU/Tt2TPJvCvHfS7p4i3%2bKlwTgn2llRMFkVFbf32BM2oaQPlSL7CPDU27IPGoW1xYSYa7ZdNjqvBGak1UNNee%2bStggI%3d

Does anyone know how to solve this?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,363 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2019-12-10T04:12:54.843+00:00

    @displayName~~ I don't see any problem with the request. I just updated the client_id and redirect_uri parameters in the same call that you have shared and I was able to get a valid access token with all the required scopes. Below is the call and a snip of the token that I got: 

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=f0d5befe-xxxx-xxxx-xxxx-xxxxxxxxxxxx&response_type=token&redirect_uri=https://jwt.ms/&scope=offline_access openid contacts.read contacts.read.shared user.read&nonce=89289&response_mode=fragment

    AccessToken

    Are you using federated account? I am suspecting that you are capturing the token issued by federated IDP and not by Azure AD. If that is the case, please try with cloud only account and see if you get a valid access token.

    -----------------------------------------------------------------------------------------------------------

    Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.

  2. he 1 Reputation point
    2020-01-17T13:30:09.25+00:00

    EwBoA8l6BAAUO9chh8cJscQLmU+

    EwCQA8l6BAAUO9chh8cJscQLmU+

    What is it

    0 comments