Reputation: 16563
I'm trying to do OAuth2 login with Azure AD. I've tried these two URLs
and these lead to a login page. After I enter my email and password, I am redirected to https://login.microsoftonline.com/common/federation/oauth2
with these errors
Sorry, but we’re having trouble signing you in. We received a bad request.
Additional technical information: Correlation ID: 886be244-da75-419d-97b4-0e309473ce9e Timestamp: 2017-11-19 17:47:26Z
AADSTS50020: We are unable to issue tokens from this api version for a Microsoft account. Please contact the application vendor as they need to use version 2.0 of the protocol to support this.
I checked my server logs, and the Azure servers haven't even tried to contact me after the login page.
Any ideas how I figure out what the problem is?
Upvotes: 1
Views: 2210
Reputation: 16563
Microsoft's documentation is insanely frustrating, but I think I've figured out the issue.
I believe that if you are registering a new app to use any OAuth2 services, you can only register an app to use the v2.0 protocol. I searched extensively, and I was not able to figure out how to register an app to use the older v1.0 protocol.
Despite this, much of the documentation still relates to the v1.0 protocol, and some of the documentation states that the v1.0 protocol is recommended in certain situations even though you can no longer register an app for it.
Anyway, here is a summary:
If you register a new app (at https://apps.dev.microsoft.com/#/appList) then ignore all documentation relating to the v1.0 protocol because you apparently can't use it.
Upvotes: 1
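To make the v1.0/v2.0 distinction in the error message concrete, here is an added example (not code from the question or the answer) that checks which Azure AD authorize endpoint a sign-in URL targets and rebuilds a v1.0 request for the v2.0 endpoint. The URLs the asker tried are not shown on the page, so the sample request, its placeholder client ID and redirect URI, and the function names are constructed for illustration.

```python
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

AUTHORITY = "https://login.microsoftonline.com"


def endpoint_version(auth_url):
    """Return 'v2.0', 'v1.0' or 'unknown' for an Azure AD authorize URL."""
    path = urlsplit(auth_url).path.lower().rstrip("/")
    if path.endswith("/oauth2/v2.0/authorize"):
        return "v2.0"
    if path.endswith("/oauth2/authorize"):
        return "v1.0"
    return "unknown"


def to_v2_authorize_url(v1_url, scopes, state=None):
    """Rebuild a v1.0 authorize request against the v2.0 endpoint.

    v1.0 names the target API with `resource`; v2.0 uses `scope` instead.
    """
    parts = urlsplit(v1_url)
    tenant = parts.path.strip("/").split("/")[0] or "common"
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    params.pop("resource", None)  # v1.0-only parameter
    params["scope"] = " ".join(scopes)
    # Keep a caller-supplied or existing state; otherwise generate an
    # unguessable one so the callback can be tied to this request.
    params["state"] = state or params.get("state") or secrets.token_urlsafe(16)
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"


# Constructed sample: a v1.0-style request with placeholder values.
SAMPLE_V1 = (
    "https://login.microsoftonline.com/common/oauth2/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
    "&resource=https%3A%2F%2Fgraph.windows.net"
)

if __name__ == "__main__":
    print(endpoint_version(SAMPLE_V1))
    print(to_v2_authorize_url(SAMPLE_V1, ["openid", "profile", "email"]))
```

The server handling the redirect should compare the returned `state` with the value it stored for the session before exchanging the code.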