Reputation: 334
I’m running into some problems getting our code to authenticate to Azure AD. I’ve configured an application and set up our code to request an authorization “code”. That much works, but when I try to exchange the “code” for an “access_token” I get caught in a variety of errors. First I get a “missing resource identified” error. I dug into the Manifest and pulled out a resource-id to pass but then I get a “missing client_secret” error.
But I’m not sure I’m going down the right path here. For one, I’m not sure what resources, if any, I need to access. Since we are just trying to authenticate, I don’t think I need to actually request access to any other APIs, do I? Maybe I do, but I’m not sure which or what I would do with them.
Also, I found this blog post which seemed encouraging: http://www.andrewconnell.com/blog/azure-ad-oauth2-openid-connect
He makes it look like I should be able to request both the “code” and the OpenID Connect id_token in the initial authorization request, which at a glance seems to be all I would need to do. But when I try to append the “+id_token” to the “code” resource_type param as he suggests, I get a “missing nonce” error. If I include a “nonce” parameter with a random string it goes through without errors and it hits my redirect_uri, but I don’t get any data back in the response, and certainly not the profile information he indicates I should see in the blog post.
Upvotes: 2
Views: 3903
Reputation: 66
Does adding 'response_mode=form_post' allow your app to receive both code and id_token?
Example sign-in request (GET)
Upvotes: 1
Reputation: 7394
If you want to authenticate you definitely want to use OpenID Connect - OAuth2 is for authorizing your app to act as a client against a different resource, rather than getting a token for sign-in purposes. I recommend taking a look at http://aka.ms/aaddev for overviews and quickstarts. In particular, see this for an explanation of the topology and this for a quickstart on how to do OpenID Connect authentication.
Upvotes: 2
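Putting the two answers above together (response_mode=form_post with code and id_token, and treating this as OpenID Connect sign-in rather than OAuth2 authorization), here is an added example, not code from the question or either answer, of the sign-in request and the callback checks that make the nonce meaningful. The tenant, client id and redirect URI are placeholders, and the example assumes the id_token signature has already been verified against the tenant's signing keys before the nonce, state and audience checks run.

```python
import base64, json, secrets
from urllib.parse import parse_qs, urlencode

# Hypothetical registration values (placeholders, not a real tenant or app).
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://localhost/auth/callback"
AUTHORIZE_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize"

def build_signin_url(session):
    """Hybrid sign-in request: code + id_token; state and nonce stay server-side."""
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code id_token",  # urlencode renders the space as "+"
        "response_mode": "form_post",      # deliver via POST body, not URL fragment
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"

def _b64url_decode_json(segment):
    segment += "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(segment))

def handle_callback(session, post_body):
    """Validate the form_post body. Assumes the id_token's RS256 signature was
    already verified; this checks only the state, nonce and audience bindings."""
    form = parse_qs(post_body)
    if "error" in form:
        raise ValueError(form.get("error_description", form["error"])[0])
    if form.get("state", [None])[0] != session.pop("state", None):
        raise ValueError("state mismatch: response not bound to this session")
    claims = _b64url_decode_json(form["id_token"][0].split(".")[1])
    if claims.get("nonce") != session.pop("nonce", None):
        raise ValueError("nonce mismatch: id_token was not issued for this request")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("id_token audience is not this application")
    return {"code": form["code"][0], "claims": claims}

def constructed_form_post(session, claims):
    """Constructed, unsigned callback body for offline testing only."""
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    token = "eyJhbGciOiJSUzI1NiJ9." + payload + ".unsigned"
    return urlencode({"code": "AUTHCODE", "id_token": token, "state": session["state"]})
```

Both state and nonce are popped on first use, so a replayed or cross-session callback fails the binding checks even when the token itself is otherwise valid.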