Surya
Reputation: 3
Unable to get oauth v2.0 access_token from v2.0 Azure tokenEndpoints
I have registered a multi-tenant app in Azure Active directory, I am using all oauth v2.0 endpoint in IBM Websphere OIDC TAI configuration. But still I am getting the accesss_token of v1.0, which has obviously a different issuer and hence it is failing in JWT validation while matching the issuer identifier. I am expecting this,
"iss": "https://login.microsoftonline.com/my-tenant-id/v2.0"
But I am getting this,
"iss": "https://sts.windows.net/my-tenant-id/",
I am using Microsoft Graph APIs.
Upvotes: 0
Views: 243
Answers (1)
Gary Archer
Reputation: 29273
If you need to get an access token that can be validated in the standard way you need to 'expose an API scope' so that you get a verifiable token, as AllenWu says.
Azure AD behaviour is a little unintuitive and my Visual Blog Post should enable you to work out what you need to do.
See steps 3, 6 and 7.
Upvotes: 1
Related Questions
- invalid_grant error when obtaining access token
- Azure AD only generates invalid Access Token to use with Microsoft Graph
- Obtaining a valid access token for Microsoft Graph API
- Microsoft graph API: Unable to fetch users with the generated access token
- Unable to get access token from Azure AD when using Microsoft Graph Explorer
- Token Generation with /oauth2/token MS Azure API returns AADSTS50034 error
- How to get / generate access token from azure OAuth 2.0 token (v2) endpoints?
- Not able to get access_token for Microsoft Graph API OAuth 2.0 using username & password
- Calling /token endpoint does not give me an access_token
- Azure AD OAuth2 Access Token Request Error - 400 Bad Request