I am using Postman to query the graph API for the list of applications on my instance of AAD.

Auth URL: https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2Fmanagement.azure.com%2F

Access Token URL: https://login.microsoftonline.com/common/oauth2/token

With these, I'm able to get the access token. Now when I attempt to query the graph API for the list of Applications, along with the access token included in the header, I get the following error:

    {
      "error": {
        "code": "InvalidAuthenticationToken",
        "message": "Access token validation failure.",
        "innerError": {
          "request-id": "***-***-***",
          "date": "2017-07-25T16:21:06"
        }
      }
    }

Is there a way to resolve this?

Edit: I also found something weird: when I receive the access token, I do not receive the refresh token along with it :|

Thanks!

1 Answer

The resource value in the Auth URL is not the graph API endpoint, so the access token you obtained is for another resource and the graph API cannot validate it. For graph API the endpoint should be https://graph.microsoft.com/

Refresh tokens are not issued for certain OAuth grant types such as the client credentials flow because the client can use its credentials to obtain a new token as required. This may be the reason you don't see the refresh token. In a flow which involves user interaction, the refresh token is used to obtain a new token without requiring user interaction.
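The audience mismatch described in this answer can be checked before a token is sent anywhere. The following is an added example, not part of the original answer: it decodes the token's payload for inspection (no signature verification) and compares its `aud` claim with the API being called, then rewrites the `resource` parameter of the Auth URL from the question. It assumes the `aud` claim carries the resource URI; the function names and the sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

GRAPH = "https://graph.microsoft.com/"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(token: str, resource: str) -> bool:
    """True if the token's aud claim names the API the request is sent to."""
    aud = jwt_claims(token).get("aud", [])
    auds = [aud] if isinstance(aud, str) else list(aud)
    want = resource.rstrip("/").lower()  # ignore trailing slash and case
    return any(a.rstrip("/").lower() == want for a in auds)


def set_resource(auth_url: str, resource: str) -> str:
    """Return auth_url with its resource query parameter replaced."""
    parts = urlsplit(auth_url)
    query = parse_qs(parts.query)
    query["resource"] = [resource]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))


def sample_token(aud: str) -> str:
    """Constructed, unsigned token carrying only an aud claim (not a real token)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"aud": aud}).encode())
    return f"{header}.{body}.constructed"


if __name__ == "__main__":
    asked = ("https://login.microsoftonline.com/common/oauth2/authorize"
             "?resource=https%3A%2F%2Fmanagement.azure.com%2F")
    token = sample_token("https://management.azure.com/")
    print("usable against Graph:", audience_matches(token, GRAPH))
    print("corrected Auth URL:", set_resource(asked, GRAPH))
```

Run locally against a real token by passing it to `jwt_claims`; decoding this way is a diagnostic aid and does not replace the signature validation the API performs.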
