CODEWITHSUNDEEP
phpazure-ad-b2cazure-active-directoryazure-ad-graph-api
Mainak
Mainak

Reputation: 470

Unable to get tokens for app using code from azure graph

I have created an app in http://apps.dev.microsoft.com/ and tried to connect from my web application Here is my code:

  $data = array (
          'code' => $code,
          'client_secret' => 'C2A32632155A3270220244A5774431C58126F9B5',
          'client_id' => '49c1c823-b423-4673-af57-7be1ab39e386',
          'grant_type' => 'authorization_code',
          'redirect_uri' => 'http://localhost/crm/contacts/connectOffice',
          'scope' => 'offline_access Contacts.ReadWrite'
        );
    $url = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);      
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $data);  
    $result = curl_exec($curl);

I get the response :

[error] => invalid_client [error_description] => AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided. Trace ID: 47f5eaa3-2ea0-45bc-9bfa-8457395ae354 Correlation ID: 3007e67d-120d-4cf1-a0e6-1863d202b233 Timestamp: 2017-01-12 13:12:28Z [error_codes] => Array ( [0] => 70002 [1] => 50012 )

[timestamp] => 2017-01-12 13:12:28Z
[trace_id] => 47f5eaa3-2ea0-45bc-9bfa-8457395ae354
[correlation_id] => 3007e67d-120d-4cf1-a0e6-1863d202b233

I am quite sure that I have provided the correct client secret and client Id in the request but still I get this error all the time . Can anyone suggest where I may be going wrong or what more do I need to do to correct this ?

Upvotes: 1

Views: 321

Answers (1)

Daniel Dobalian
Daniel Dobalian

Reputation: 3237

The value you're using in your client secret field right now is actually a Public Key that is generated if you hit the Generate New Key Pair button.

For what you're trying to do, you'll want to hit the Generate New Password button in the portal to get a 23 character client secret. That should allow you to get an auth code.

One other thing, make sure if you're trying to get an auth code you use the correct authorization endpoint https://login.microsoftonline.com/common/oauth2/v2.0/authorize. The url you have above is used when you have an auth code and want to exchange it for tokens.

Upvotes: 2

Related Questions