user5155835

Reputation: 4742

Microsoft OAuth2 403 Forbidden

I want to access any user's calendar in my Java application.

In https://portal.azure.com, I created an Azure Active Directory: aniketorg123

Then I created an app in it: aniketorgapp1

Following are the Redirect URIs that I added:

[Screenshot of the Redirect URIs]

Then I added some permissions:

[Screenshot of the added permissions]

Now, in my application, I send an OAuth authorization request:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&response_mode=form_post&redirect_uri=https%3A%2F%2Flocalhost%3A8443%2Fmsal4jsample%2Fsecure%2Faad&client_id=ca146462-8880-424c-b629-cc7c0d0fb1b3&scope=openid+offline_access+profile&prompt=select_account&state=69a2ac0f-abac-46ad-b525-88f0b70182b7&nonce=9278f424-6858-4e22-bb13-7b13894abda7

This loads the "Pick an account" page. When the user picks an account, I'm getting the following response:

403 Forbidden

Why could I be getting 403 forbidden?

Upvotes: 0

Views: 2295

Answers (2)

sgonzalez

Reputation: 836

This seemed to be an issue with the sample, which should be fixed now. You can also try changing to response_mode=query in the authorization URL, and that should fix this problem. This was caused by some of the SameSite updates that browsers are making.

Upvotes: 1
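The SameSite effect this answer refers to, as an added example that is not part of the answer or of the Microsoft sample: a simplified JavaScript model of when a browser attaches the app's session cookie to the OAuth callback. The function names, the `JSESSIONID` cookie and the assumption that the app answers 403 when it cannot match the callback to a session are illustrative.

```javascript
// Added example: simplified model, not browser or msal4j code.
// Constructed sample request; CLIENT_ID_PLACEHOLDER is not a real client ID.
const SAMPLE_AUTHORIZE_URL =
  "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" +
  "?response_type=code&response_mode=form_post" +
  "&client_id=CLIENT_ID_PLACEHOLDER&scope=openid+offline_access+profile";

// Would the browser attach the app's session cookie to the OAuth callback?
// The callback is a cross-site request that starts on login.microsoftonline.com.
// Simplification: ignores Chrome's short-lived "Lax + POST" exception for
// cookies that were set without any SameSite attribute.
function cookieSentOnCallback(cookie, responseMode) {
  const sameSite = (cookie.sameSite || "Lax").toLowerCase(); // unset => treated as Lax
  if (sameSite === "none") return cookie.secure === true; // None without Secure is rejected
  if (sameSite === "strict") return false; // never sent on cross-site requests
  // Lax: sent on cross-site top-level navigations only for a safe method (GET).
  const method = responseMode === "form_post" ? "POST" : "GET";
  return method === "GET";
}

// Assumed app behaviour (hypothetical): `state` lives in a cookie-backed session,
// and a callback that arrives without that session is refused with 403.
function callbackStatus(cookie, authorizeUrl) {
  const params = new URL(authorizeUrl).searchParams;
  const mode = params.get("response_mode") || "query"; // default for response_type=code
  return cookieSentOnCallback(cookie, mode) ? 200 : 403;
}

// Return the same authorization URL with a different response_mode.
function withResponseMode(authorizeUrl, mode) {
  const url = new URL(authorizeUrl);
  url.searchParams.set("response_mode", mode);
  return url.toString();
}

const sessionCookie = { name: "JSESSIONID" }; // constructed: no SameSite attribute
const noneSecure = { name: "JSESSIONID", sameSite: "None", secure: true };
const queryUrl = withResponseMode(SAMPLE_AUTHORIZE_URL, "query");
console.log("form_post, default cookie:", callbackStatus(sessionCookie, SAMPLE_AUTHORIZE_URL));
console.log("query, default cookie:    ", callbackStatus(sessionCookie, queryUrl));
console.log("form_post, None; Secure:  ", callbackStatus(noneSecure, SAMPLE_AUTHORIZE_URL));
```

Of the two working combinations, response_mode=query leaves the session cookie at Lax, while SameSite=None; Secure makes that cookie available on every cross-site request to the app.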

If you get a 403 forbidden error, make sure that the correct service principal has been added to your publisher account in the Cloud Partner Portal. Follow the steps in the Prerequisites page to add your service principal to the portal.

If the correct service principal has been added, then verify all the other information. Pay close attention to the Object ID entered on the portal. There are two Object IDs in the Azure Active Directory app registration page, and you must use the local Object ID. You can find the correct value by going to the App registrations page for your app and clicking on the app name under Managed application in local directory. This takes you to the local properties for the app, where you can find the correct Object ID in the Properties page, as shown in the following figure. Also, ensure that you use the correct publisher ID when you add the service principal and make the API call.

Reference Document.

Upvotes: 1
