question

auricio-5666 avatar image
0 Votes"
auricio-5666 asked AshokPeddakotla-MSFT commented

The access token does not work on the blockchain workbench

I'm having trouble using the access token to access the blockchain workbench API, I'm using /oauth2/token to get the access token, but the access token doesn't work on the blockchain workbench. For some reason id_token is working when I send it to the blockchain workbench API.

azure-blockchain-workbench
· 10
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@auricio-5666 Community SME's on this topic or our team will review your scenario and circle back at the possible earliest time.

0 Votes 0 ·

@auricio-5666
Could you let us know the steps you are taking to generate the token?
Could you also try running the troubleshooting script with the appropriate lookback hours and see if you find any relevant info by checking the exceptions and service logs files you obtain?


0 Votes 0 ·

First I log in using the msal library, then I make a post request for "/oauth2/token". It returns refresh_token, id_token and access_token, however, access_token does not work on the blockchain workbench, the token that works is id_token. These are the requisition data:
requestBody = { code: code, client_id: clientId, client_secret: clientSecret, grant_type: 'authorization_code', redirect_uri: myRedirectURL, scopes: ["openid", "profile", "email", "User.Read", "User.ReadBasic.All", "offline_access"], };

It looks like id_token and access_token are exchanged.

0 Votes 0 ·

Could you also provide us with the error or issue you face when you try the access token and any doc that you are referring to?
And, may we know whose client id and client secret you are using here?

0 Votes 0 ·
Show more comments

@auricio-5666 Did you get a chance to see Sana response? Do let us know the requested details for further troubleshooting

0 Votes 0 ·

@auricio-5666 Are you still blocked? Please share the error details and other information requested for further help?



0 Votes 0 ·

@auricio-5666 We hope you had a chance to check Sana's latest response. Do let us know if you have any further queries.

0 Votes 0 ·

1 Answer

SanaCMSFT-8922 avatar image
0 Votes"
SanaCMSFT-8922 answered

Ideally, access token should be used for API calls and not id token. Could you tell us if you see a WWW-Authenticate response header in the response that you obtain? It should contain info about why you are facing unauthorized error. You can also try checking the troubleshooting logs using the troubleshooting script sent before as it may also contain info about why you are facing the error accessing the API.
May we also know the library you are using to generate the access token and any documentation that you are following?
And, just in case, please make sure that you are not using an expired token and please generate a new one in case it is expired.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.