Actually I'm trying to get Access Token using Using the TenantId after Admin consent successfully completed admin by using the following endpoint
https://login.microsoftonline.com/common/adminconsent
then I am requesting the AccessToken Endpoint Using Tenant ID
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
by using HttpWebRequest by passing all the required fields
tenant : 6292ef34-37a8-4687-b8b3-7dd8d54a8a42
Code for API call using HttpWebRequest
public static string AdminConsentAccessToken(string tenant, string state = "", string admin_concent = "")
{
string postData="{\"client_id\":\"65577dd2-cc76-46af-a1ac-71582eac6af2\",\"scope\":\"https://graph.microsoft.com/.default",\"client_secret\":\"my_client_secret\","\grant_type\":"\client_credentials\"}"
string result = string.Empty;
try
{
var httpRequest = (HttpWebRequest)WebRequest.Create($"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token");
httpRequest.Method = "POST"; ;
httpRequest.Accept = "application/json";
httpRequest.ContentType = "application/x-www-form-urlencoded";
using (var streamWriter = new StreamWriter(httpRequest.GetRequestStream()))
{
streamWriter.Write(postData);
}
var httpResponse = (HttpWebResponse)httpRequest.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
result = streamReader.ReadToEnd();
}
}
catch (Exception ex)
{
//exception
}
return result;
}
With this code I am getting following error : "The remote server returned an error: (400) Bad Request." and status : Protocol Error, can you please check code suggest what went wrong.
and I have tried this from post man also the i am getting 400 - Bad Request (The request cannot be fulfilled due to bad syntax.)
POST : https://login.microsoftonline.com/6292ef34-37a8-4687-b8b3-7dd8d54a8a42/oauth2/v2.0/token
Header : Content-Type : application/x-www-form-urlencoded
Body :
{
"grant_type": "client_credentials",
"client_id":"65577dd2-cc76-46af-a1ac-71582eac6af2",
"scope":"https://graph.microsoft.com/.default",
"client_secret": "my_client_secret"
}
Response :
{
"error": "invalid_request",
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 68beea44-7863-4e08-97c9-526ada9d0300\r\nCorrelation ID: 064a85fe-6d37-43bd-ae59-3dca04232188\r\nTimestamp: 2022-06-24 09:08:56Z",
"error_codes": [
900144
],
"timestamp": "2022-06-24 09:08:56Z",
"trace_id": "68beea44-7863-4e08-97c9-526ada9d0300",
"correlation_id": "064a85fe-6d37-43bd-ae59-3dca04232188",
"error_uri": "https://login.microsoftonline.com/error?code=900144"
}
CodePudding user response:
Try using application/json for the Content-Type header of your request instead of application/x-www-form-urlencoded.
CodePudding user response:
In the Postman ensure that checkbox x-www-urlencoded is selected on tab Body.
Looks like you are sending data in json format.
CodePudding user response:
You create a request model:
public class ReqModel
{
public string client_id{ get; set; }
public string scope{ get; set; }
public string client_secret{ get; set; }
public string grant_type{ get; set; }
}
Then you try to create postData like this:
ReqModel reqModel = new()
{
client_id = "65577dd2-cc76-46af-a1ac-71582eac6af2",
scope = "https://graph.microsoft.com/.default",
client_secret = "my_client_secret",
grant_type = "client_credentials"
};
string postData = JsonConvert.SerializeObject(reqModel, Newtonsoft.Json.Formatting.Indented);
CodePudding user response:
I can get access token by your request
But this doesn't mean you can get access token by simulating a post request in your code, Microsoft require users to use 
If you used msal sdk to authenticate your app, you can also use graph sdk to call graph api:
using Azure.Identity;
using Microsoft.Graph;
var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "hanxia.onmicrosoft.com";
var clientId = "azure_ad_app_id";
var clientSecret = "client_secret";
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var temp = await graphClient.Users.Request().GetAsync();