Reputation: 351
I am using Postman to query the graph API for the list of applications on my instance of AAD.
Access Token URL: https://login.microsoftonline.com/common/oauth2/token
With these, I'm able to get the access token. Now when I attempt to query the graph API for the list of Applications, along with the access token included in the header, I get the following error:
{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure.",
    "innerError": {
      "request-id": "***-***-***",
      "date": "2017-07-25T16:21:06"
    }
  }
}
Is there a way to resolve this?
Edit: I also found something weird: when I receive the access token, I do not receive the refresh token along with it :|
Thanks!
Upvotes: 2
Views: 1342
Reputation: 507
The resource value in the Auth URL is not the graph API endpoint, so the access token you obtained is for another resource and the graph API cannot validate it. For the graph API, the endpoint should be https://graph.microsoft.com/.
Refresh tokens are not issued for certain OAuth grant types such as the client credentials flow because the client can use its credentials to obtain a new token as required. This may be the reason you don't see the refresh token. In a flow which involves user interaction, the refresh token is used to obtain a new token without requiring user interaction.
Upvotes: 2
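One way to confirm the two points in the answer above before calling the API, as an added example that is not part of the original thread: decode the access token's payload, compare its `aud` claim with the resource the API expects, and note whether a refresh token came back. The sample tokens are constructed and unsigned, the non-Graph resource URL is a placeholder, the function names are hypothetical, and the payload is decoded without signature verification, which is suitable for diagnosis only.

```python
import base64
import json

GRAPH_RESOURCE = "https://graph.microsoft.com/"  # endpoint named in the answer


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(aud: str) -> str:
    """Build a CONSTRUCTED, unsigned JWT-shaped string for this demo only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"aud": aud, "iss": "constructed-sample"}).encode())
    return f"{header}.{payload}.sig"


def jwt_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(segment))


def diagnose(token_response: dict, resource: str = GRAPH_RESOURCE) -> list:
    """Return findings for an OAuth 2.0 token response (RFC 6749 field names)."""
    findings = []
    aud = str(jwt_claims(token_response["access_token"]).get("aud", ""))
    # Compare ignoring case and a trailing slash (assumption: the two forms
    # name the same resource).
    if aud.rstrip("/").lower() != resource.rstrip("/").lower():
        findings.append(f"audience mismatch: token is for {aud!r}, API expects {resource!r}")
    if "refresh_token" not in token_response:
        findings.append("no refresh_token in response")
    return findings


if __name__ == "__main__":
    # Constructed responses: one token minted for a placeholder resource, one for Graph.
    wrong = {"access_token": make_sample_token("https://other-resource.example/")}
    right = {"access_token": make_sample_token("https://graph.microsoft.com"),
             "refresh_token": "constructed-placeholder"}
    print(diagnose(wrong))
    print(diagnose(right))
```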