displayName-7967 asked UtlapalliChandu-0701 commented

Can't acquire a valid access token for Microsoft API through implicit flow

I want to get Outlook contacts into my Ionic/Angular web app. I'm trying to get the access token for the Microsoft API using implicit flow in order to access the user's contacts. I've tried the following so far:

Use this URL to get the access token in the URL parameter from the redirect (after user login):
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
+"client_id={CLIENT_ID_HERE}"
+"&response_type=token"
+"&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2F"
+"&scope=offline_access openid contacts.read contacts.read.shared user.read"
+"&nonce=89289"//tried both with and without this
+"&response_mode=fragment";

I get an access token in the redirect URL, but it's actually invalid, e.g.:

 EwBoA8l6BAAUO9chh8cJscQLmU%2bLSWpbnr0vmwwAASwN7zn/GFDP4wdOkrbA8xsurg0RceNlSsJiBj8uqZkK2E%2bmWTXjrj89FuiSlBcKqAe6dyuEbTOn8YBu3xApWaBKZjuP5lJZnAnWZX80Il7VtWMh2UuK/s4qxOZRYcgJEhwe8iTrPOGofm5Z3oU2o1MzGpSa6qaR1AleeKF9q0hZoV99BKLfRUOueK7LRwpnF4mGjLjTevNCUDGIo1N38FPH5bFPhSfAOVDSV%2bw7ZZO6NAS5Vo6HdgbPWC3Eml9Ix4twyzpgf7e4Q0l3oi%2b23iPtTvyNV16cEtt9jehdZ1TjSLdMj92Yc7e18Y%2bwV1SGav1qZ2Lyd/e3xNDmZz1P%2bSkDZgAACIkGgjdNZrtHOALgj5s3vZkDiURxDQzucVxbzf/p1XCG9qfCStUazMWbp9KlGkpIgHyigTVJfUVjYwht8X77wC3Oa%2btShphq2myn4C7LZp7nfpwGz4bSW0lx42SG2ADn33qu2hh4Mc%2bdJskI4pxGOUnurKnxFH0sxKpCisIIiWylPOgiOqCzH9AGyEaat91glrwzaHfKXXgzMeO88PeEjZ5Rfj0q4dxd4OTv67E8cp%2bXeYhhHerElKMi2LJmt65heTfwLOd7ErVawl9dS77nyMNp1OCow%2bvSysLuvHNCzN9gsUtMgH7a0C78t6cm1NiNsa8Yzk2yZ%2bjPiiNGgilvyv1zSMvAwYrcGjSW/yHY%2bQfn0ijEeo3Qq2tczoq/8/mx3kV50qNla5BWHltaMvwqxxQqk/ZXIJrph9qQsnPcRJcjtvXaSatMPwFoiBYLqTyezcYq6rbvLxbsiEhtE9pQMvMpmu2lzbEdnGYKtMQVjIbBJB7brzFDJ%2bmG2YdLPA9vmsqrmOJM8ZiftWRrDW9alMrml%2bcscmO1vqJuftn3uylvhnAQZP3q40CicqyEcrwSBA29%2bFQGbG/BDIHH0rtUXPsMkwKneJYluVXfMbxUlUxUJhCS79Dd4Jjrk3RX7QWj1WwEz9WlYAwyP0s/PnqPQOVodnwMaHNo%2bV2Xk1/5xi5dcU/Tt2TPJvCvHfS7p4i3%2bKlwTgn2llRMFkVFbf32BM2oaQPlSL7CPDU27IPGoW1xYSYa7ZdNjqvBGak1UNNee%2bStggI%3d



Does anyone know how to solve this?

azure-ad-graph

amanpreetsingh-msft answered UtlapalliChandu-0701 commented

@displayName-7967 I don't see any problem with the request. I just updated the client_id and redirect_uri parameters in the same call that you have shared and I was able to get a valid access token with all the required scopes. Below is the call and a snip of the token that I got:

 https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=f0d5befe-xxxx-xxxx-xxxx-xxxxxxxxxxxx&response_type=token&redirect_uri=https://jwt.ms/&scope=offline_access openid contacts.read contacts.read.shared user.read&nonce=89289&response_mode=fragment

[Screenshot: AccessToken]

Are you using a federated account? I suspect that you are capturing the token issued by the federated IDP and not by Azure AD. If that is the case, please try with a cloud-only account and see if you get a valid access token.


Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.




I am running into the same issue.
I think https://jwt.ms/ does not validate the signature.
When I try to use jwt.io or validate the access_token using code, I get an 'invalid signature' error.
It is weird, because when I validate the id_token issued with the same request it works fine.


Hey Aman,
I have used the URL you have shared and it is asking me to log in every time to get the access token. Since I have MFA enabled (Accenture domain), I have to log in every single time to get the access token. Could you please find me a way to get the access token by giving the credentials somewhere in the URL itself?

he-4651 answered

EwBoA8l6BAAUO9chh8cJscQLmU+

EwCQA8l6BAAUO9chh8cJscQLmU+

What is it
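
Added example, not code from any poster in this thread: a client-side check that reads the tokens out of the redirect fragment produced by the authorize request in the question, percent-decodes them (the value pasted in the question still contains `%2b` and `%3d`), and reports whether each one has the three-segment JWT shape that jwt.ms and jwt.io expect. The function names and the sample fragment are constructed for illustration.

```javascript
// Added example (not from the thread); names are illustrative, sample tokens are constructed.
// Split the fragment by hand: URLSearchParams would turn a raw "+" into a space.
function parseFragment(hash) {
  const out = {};
  for (const pair of hash.replace(/^#/, "").split("&")) {
    if (!pair) continue;
    const i = pair.indexOf("=");
    const key = i < 0 ? pair : pair.slice(0, i);
    out[decodeURIComponent(key)] = i < 0 ? "" : decodeURIComponent(pair.slice(i + 1));
  }
  return out;
}

// Decode one base64url JWT segment to an object; null if it is not base64url JSON.
function decodeSegment(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) return null;
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  try {
    return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
  } catch { return null; }
}

// "jwt" only if the value is header.payload.signature with JSON header and payload.
function classifyToken(token) {
  const parts = token.split(".");
  const header = parts.length === 3 ? decodeSegment(parts[0]) : null;
  const payload = parts.length === 3 ? decodeSegment(parts[1]) : null;
  if (!header || !payload) return { kind: "opaque" };
  return { kind: "jwt", alg: header.alg, nonce: payload.nonce };
}

function inspectRedirect(hash, expectedNonce) {
  const params = parseFragment(hash);
  const report = {};
  for (const name of ["access_token", "id_token"]) {
    if (params[name]) report[name] = classifyToken(params[name]);
  }
  // An id_token, when present, must echo the nonce sent in the authorize request.
  if (report.id_token && report.id_token.kind === "jwt") {
    report.nonceOk = report.id_token.nonce === expectedNonce;
  }
  return { params, report };
}

// Constructed sample: percent-encoded opaque access token plus an unsigned JWT-shaped id_token.
const b64url = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_ID_TOKEN = [b64url({ alg: "RS256", typ: "JWT" }), b64url({ nonce: "89289" }), "c2ln"].join(".");
const SAMPLE_HASH = "#access_token=constructed%2bopaque/value%3d&token_type=bearer&id_token=" + SAMPLE_ID_TOKEN;
console.log(inspectRedirect(SAMPLE_HASH, "89289").report);
```

A value reported as `opaque` has no header or signature segment for the client to decode or verify, so a JWT debugger cannot say anything about it; pass it to the API it was requested for as a bearer string, after percent-decoding.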
