KARASZI István

Reputation: 31477

Microsoft OAuth 2.0 Authorize endpoint complains about missing secret

I am trying to create an online meeting with a web application using the Microsoft Graph API.

When I try to initiate an authorization request to get permissions from the end-user to create a token with a similar URL to:

https://login.live.com/oauth20_authorize.srf?state=xxx&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&response_type=code&approval_prompt=auto&client_id=xxx

I get the following error message from the Microsoft API:

The client does not have a secret configured. If you are the client application developer, configure a secret through the application management site at https://go.microsoft.com/fwlink/?linkid=2083908.

I have a secret configured for the application in the "Certificates & secrets" part under the "Client secrets":

Client secrets screenshots

I have no clue what I am missing here and the Microsoft documentation is not really helpful.

Upvotes: 2

Views: 917

Answers (1)

KARASZI István

Reputation: 31477

The solution was to change the authorize and token endpoints to https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize and to https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token, respectively, as it is described here.

In my case - since I want to support multiple tenants - I could not fill out the {tenant} part of the URL with the actual tenant id, but I needed to set organizations since, as it is described here, only work or school accounts are supported.

So the final URLs changed to the following:

  • Authorize: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
  • Token: https://login.microsoftonline.com/organizations/oauth2/v2.0/token

Upvotes: 1
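
Added example (not part of the original answer): a Python sketch that builds the authorization-code request against the v2.0 endpoints named above and checks the returned state before accepting the code. The function names, the callback URL and the client id used with it are constructed for illustration; the tenant check here accepts only the three aliases or a tenant GUID.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
# Assumption of this example: allow only the tenant aliases or a tenant GUID.
TENANT_ALIASES = {"common", "organizations", "consumers"}
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def endpoints(tenant="organizations"):
    """Return (authorize_url, token_url) for the given tenant segment."""
    if tenant not in TENANT_ALIASES and not GUID_RE.match(tenant):
        raise ValueError(f"unexpected tenant segment: {tenant!r}")
    base = f"{AUTHORITY}/{tenant}/oauth2/v2.0"
    return f"{base}/authorize", f"{base}/token"


def build_authorize_url(client_id, redirect_uri, scope, tenant="organizations"):
    """Build the authorization-code request; returns (url, state)."""
    # Unguessable per-request value; keep it in the user's server-side session.
    state = secrets.token_urlsafe(32)
    authorize_url, _ = endpoints(tenant)
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{authorize_url}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if the returned state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a mismatch means the response is not ours.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    return params["code"][0]
```

The code returned by code_from_callback is then exchanged at the token URL from endpoints(), which is where the client secret is sent.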
