
How to generate access_token for grant_type password in Azure AD for MS graph api

I have followed these two links to generate an access_token with the password grant_type

  1. https://dzone.com/articles/getting-access-token-for-microsoft-graph-using-oau-2?preview=true
  2. https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc?tabs=app-reg-ga

I used the below curl request

curl --location --request POST 'https://login.microsoftonline.com/910f-90d18b56a170/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=4b5d-bde6-0b1a09b84a5f' \
  --data-urlencode 'client_secret=q4720z4z_6N8CU-c7qEwx2a' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode '[email protected]' \
  --data-urlencode 'password=xxxxxxx' \
  --data-urlencode 'resource=https://graph.microsoft.com' \
  --data-urlencode 'scope=openid'


Below is the response

{
    "error": "invalid_grant",
    "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: 21fdd138-0bc6-49bd-8852-c7a6a3a1e600\r\nCorrelation ID: a1010714-38f6-4926-a135-568adcdada26\r\nTimestamp: 2020-12-15 16:44:37Z",
    "error_codes": [
        50126
    ],
    "timestamp": "2020-12-15 16:44:37Z",
    "trace_id": "21fdd138-0bc6-49bd-8852-c7a6a3a1e600",
    "correlation_id": "a1010714-38f6-4926-a135-568adcdada26",
    "error_uri": "https://login.microsoftonline.com/error?code=50126"
}

I don't know why the response suggests that my credentials are invalid even though I'm passing the right creds.

devops-admin asked Sep 13 '25 13:09


1 Answer

I face the same issue when I run the below query with wrong credentials.

After providing the right credentials to the below curl operation, I was able to get a token.

  curl -X POST -d "client_id=clientid&scope=user.read&grant_type=password&username=username&password=password&resource=https://graph.microsoft.com" https://login.microsoftonline.com/tenantid/oauth2/token


Note: Microsoft recommends you do not use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.

Sruthi J answered Sep 16 '25 03:09
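
An added example, not code from the question or the answer: the Python below parses an error body of the shape shown in the question into its AADSTS code, trace ID and correlation ID, and builds the password-grant form body with every value URL-encoded. curl's `-d` sends its string as written, so a password containing `&` or `+` reaches the endpoint altered; the function names and the sample password are constructed for illustration, and the receiving side is assumed to parse the body as standard `application/x-www-form-urlencoded`.

```python
import json
import re
from urllib.parse import urlencode, parse_qs

# Error body in the shape shown in the question (values copied from the page).
SAMPLE_ERROR = r'''{
  "error": "invalid_grant",
  "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: 21fdd138-0bc6-49bd-8852-c7a6a3a1e600\r\nCorrelation ID: a1010714-38f6-4926-a135-568adcdada26\r\nTimestamp: 2020-12-15 16:44:37Z",
  "error_codes": [50126]
}'''

def parse_aad_error(body: str) -> dict:
    """Split the token endpoint's error_description into structured fields."""
    doc = json.loads(body)
    lines = doc.get("error_description", "").split("\r\n")
    head = re.match(r"AADSTS(\d+): (.*)", lines[0])
    # Remaining lines look like "Trace ID: <value>".
    fields = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    code = int(head.group(1)) if head else None
    return {
        "error": doc.get("error"),
        "code": code,
        "message": head.group(2) if head else lines[0],
        "trace_id": fields.get("Trace ID"),
        "correlation_id": fields.get("Correlation ID"),
        # The code in the text should also appear in error_codes.
        "code_matches": code in doc.get("error_codes", []),
    }

def build_ropc_body(client_id, username, password,
                    resource="https://graph.microsoft.com"):
    """Form body for grant_type=password with every value percent-encoded."""
    return urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "resource": resource,
    })

def password_as_received(form_body: str) -> str:
    """What a standard form parser extracts as the password field."""
    return parse_qs(form_body)["password"][0]

if __name__ == "__main__":
    print(parse_aad_error(SAMPLE_ERROR))
    pw = "P@ss&w+rd 1"  # constructed sample with characters that need encoding
    print(password_as_received(build_ropc_body("clientid", "username", pw)))
    print(password_as_received("username=username&password=" + pw))
```

The trace ID and correlation ID extracted here are the values to search for in the tenant's sign-in logs when investigating a failed password grant.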