Reputation: 784
I am trying the following method to get the access token from Azure Active Directory.
My code in C# is as below:
```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web;
using Newtonsoft.Json;

// Shape of the posted credential payload (not shown in the original post, assumed from its use below)
public class ADPCredential
{
    public string Username { get; set; }
    public string Password { get; set; }
}

// One HttpClient for the lifetime of the app instead of a new one per call
private static readonly HttpClient httpClient = new HttpClient();

public async Task<string> validateADPCredential(string data)
{
    data = HttpUtility.UrlDecode(data);
    ADPCredential adpCredential = JsonConvert.DeserializeObject<ADPCredential>(data);
    try
    {
        string clientId = ConfigurationManager.AppSettings["azureclient_id"];
        string clientSecret = ConfigurationManager.AppSettings["azureclient_secret"];
        string tenant = ConfigurationManager.AppSettings["tenantId"];
        string resource = ConfigurationManager.AppSettings["resource"];
        var authority = "https://login.microsoftonline.com/" + tenant;
        // v2.0 token endpoint of the tenant
        var azureAdEndpoint = new Uri("https://login.microsoftonline.com/eshaweb.onmicrosoft.com/oauth2/v2.0/token");
        // Resource Owner Password Credentials (ROPC) grant: username and password go straight to the token endpoint
        var urlEncodedContent = new FormUrlEncodedContent(new[]
        {
            new KeyValuePair<string, string>("grant_type", "password"),
            new KeyValuePair<string, string>("client_id", clientId), // using the api client id
            new KeyValuePair<string, string>("username", adpCredential.Username),
            new KeyValuePair<string, string>("password", adpCredential.Password),
            new KeyValuePair<string, string>("client_secret", clientSecret),
            new KeyValuePair<string, string>("scope", "https://graph.microsoft.com/.default"),
        });
        var result = await httpClient.PostAsync(azureAdEndpoint, urlEncodedContent);
        var content = await result.Content.ReadAsStringAsync();
        var authResult = JsonConvert.DeserializeObject<dynamic>(content);
        if (!result.IsSuccessStatusCode)
        {
            // Azure AD answers with error / error_description (e.g. AADSTS50034) and no access_token
            return string.Empty;
        }
        return (string)authResult.access_token;
    }
    catch (Exception ex)
    {
        // Exception is swallowed here; log ex so token failures are not silent
    }
    return string.Empty;
}
```
This code is working fine and I am able to get the token for an internal user of Active Directory, but for a Gmail user (external user) I am getting the following error:
```json
{
  "error": "invalid_grant",
  "error_description": "AADSTS50034: The user account {EmailHidden} does not exist in the esheb.onmicrosoft.com directory. To sign into this application, the account must be added to the directory.\r\nTrace ID: 0222e890-a19e-4694-a004-327f2312aa00\r\nCorrelation ID: 8587e63d-9cd-4257-aa6c-1ef394d03f56\r\nTimestamp: 2020-06-09 16:57:03Z",
  "error_codes": [ 50034 ],
  "timestamp": "2020-06-09 16:57:03Z",
  "trace_id": "0222e90-a19e-4694-a004-327f2312aa00",
  "correlation_id": "8587e63d-c6d-4257-aa6c-1ef394d03f56",
  "error_uri": "https://login.microsoftonline.com/error?code=50034"
}
```
Again, if I try to get the token using the following method
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
I am able to get the token for both internal and external users of Azure Active Directory.
Can anyone find the solution for me?
Upvotes: 1
Views: 473
Reputation: 15629
It is not supported for a Gmail user (external user) to use ROPC; you can find the document below.
> Personal accounts that are invited to an Azure AD tenant can't use ROPC (Resource Owner Password Credentials).
Reference:
Microsoft identity platform and OAuth 2.0 Resource Owner Password Credentials
Upvotes: 2
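For comparison with the ROPC call in the question, here is the flow the answer points to, the v2.0 authorization-code flow, written as an added example (not the asker's or the answerer's code). It adds PKCE, which the linked Microsoft doc recommends but the question does not mention; tenant, client id, secret and redirect URI are caller-supplied placeholders, and the scope is the one from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Added example, not the asker's code: v2.0 authorization-code flow with PKCE; tenant, client id, secret and redirect URI are caller-supplied placeholders.
public static class AuthCodeFlow
{
    private static readonly HttpClient Http = new HttpClient();
    private const string Scope = "https://graph.microsoft.com/.default";
    // base64url without padding, as RFC 7636 requires for PKCE values
    private static string Base64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    // PKCE: random verifier kept server side; S256 challenge sent in the authorize request
    public static string NewCodeVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }
    public static string CodeChallenge(string verifier)
    {
        using (var sha = SHA256.Create()) return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }
    // Step 1: send the browser here. Azure AD signs the user in (member or invited guest) and
    // redirects to redirectUri with ?code=...&state=...; check state before redeeming the code.
    public static string AuthorizeUrl(string tenant, string clientId, string redirectUri, string state, string codeChallenge) =>
        "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize"
        + "?client_id=" + Uri.EscapeDataString(clientId) + "&response_type=code"
        + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&scope=" + Uri.EscapeDataString(Scope)
        + "&state=" + Uri.EscapeDataString(state) + "&code_challenge=" + codeChallenge + "&code_challenge_method=S256";
    // Step 2 (server side): redeem the one-time code plus the PKCE verifier; the app never handles the user's password.
    public static async Task<string> RedeemCodeAsync(string tenant, string clientId, string clientSecret, string redirectUri, string code, string codeVerifier)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code", ["client_id"] = clientId, ["client_secret"] = clientSecret,
            ["redirect_uri"] = redirectUri, ["code"] = code, ["code_verifier"] = codeVerifier,
        });
        var response = await Http.PostAsync("https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token", form);
        var json = JsonConvert.DeserializeObject<Dictionary<string, object>>(await response.Content.ReadAsStringAsync());
        if (!response.IsSuccessStatusCode)  // an AADSTS error (such as the 50034 above) arrives as error/error_description
            throw new InvalidOperationException(json["error"] + ": " + json["error_description"]);
        return (string)json["access_token"];
    }
}
```

The verifier and state generated for step 1 must be stored in the user's server-side session and matched in step 2; an invited Gmail account completes this flow because the sign-in happens at login.microsoftonline.com rather than through a password posted by the app.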