Reputation: 7161
Why does Get User Access token throws invalid_grant error?
I am using Microsoft Graph Postman Collections to test common Microsoft Graph APIs from within Postman. However, I am stuck while trying to fetch user access token
Below is the request
POST /7c69806f-5754-488f-9dd8-7daa8afea4fd/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
SdkVersion: postman-graph/v1.0
cache-control: no-cache
Postman-Token: ac512133-5afe-47a3-ae9b-3b6c0b510ebd
grant_type=passwordclient_id=ebbe4872-5b7187-de6d6ddf7301client_secret=g99p8DWoxdUPY-%3F%40%5Bv7kt2g4BMxGscope=https%3A%2F%2Fgraph.microsoft.com%2F.defaultuserName=rohitdhamijagmail.onmicrosoft.compassword=Zcost%4080On trying "Fetch user access token" POST API, I get following error:
{
"error": "invalid_grant",
"error_description": "AADSTS50034: The user account rohitdhamijagmail.onmicrosoft.com does not exist in the 7c69806f-5754-488f-9dd8-7daa8afea4fd directory. To sign into this application, the account must be added to the directory.\r\nTrace ID: c0e97dd8-053d-4c99-81e4-354d7ae7d500\r\nCorrelation ID: 7e67450e-3054-48bc-b808-2f6277093dac\r\nTimestamp: 2020-03-03 09:38:09Z",
"error_codes": [
50034
],
"timestamp": "2020-03-03 09:38:09Z",
"trace_id": "c0e97dd8-053d-4c99-81e4-354d7ae7d500",
"correlation_id": "7e67450e-3054-48bc-b808-2f6277093dac",
"error_uri": "https://login.microsoftonline.com/error?code=50034"
}The user account does show under my tenant in Azure , below is the image attached
What can be the issue? Note: I have configured the global environments properly, since I am able to use other API's like Get User info etc.
Upvotes: 2
Views: 11510
Answers (2)
Reputation: 9
I tried the same and it worked for me without any issue, couple of points that can be looked at are,
- Either the app must be registered under same active directory OR it has multi-tenant enabled like below, Authentication
- The app should have following permissions, Permissions
- I just updated user name and password in postman call and my account is also on yourdomainhere.onmicrosoft.com Postman
Upvotes: 1
Reputation: 22495
Your Request Should be Like this.
https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/v2.0/token
client_id:b603c7be_Client_id_e61f925
scope:https://graph.microsoft.com/.default
client_secret:NpmwO/KDJ_client_secret:NpmwO_W0kWf1SbnL
username:tenentUser.onmicrosoft.com
password:YourUserPassword
grant_type:password
See the screen shot:
I am getting token as expected
Step: 1
Step: 2
Step: 3
Note:
- Make sure your user belong to azure portal on your tenant
- Your Client Id belongs to that tenant
- Application secret is valid or not expired.
Update: How to get Tenant Id
For more information you could refer Official document
Hope that would help.
Upvotes: 3
Related Questions
- Error "invalid_grant" AADSTS65001 when trying to exchange access token
- Status Code: Forbidden; Reason: The request is not authorized for this user or application
- Error 7505 - Request Authorization Tenant Mismatch
- Unable to obtain access token for calling Microsoft Graph APIs
- Access Denied: Either scp or roles claim need to be present in the token. error shows up even if all the permissions were already granted by Admin
- postman and GraphAPI /me/onlineMeetings error 403
- Microsoft Graph API Access Token Issue
- Calling Microsoft Graph API using Postman
- AccessDenied, Either scp or roles claim need to be present in the token
- Microsoft Azure - OAuth2 - "invalid_request"