I've the following auth code copied from the browser for a user who granted our app to use their Office 365 email.
code=OAQABAAIAAADRNYRQ3dhRSrm-4K-adpCJ3J3UJ8GyC2qJDvNhlrUAObjph6sQ3A9waeQ5Tr-DA6WzxCdFbvadCRJw2S4a_lwA7MyelZWAPQZOlaB_X_1165CbmTXJMGioU6Cr0DhVTUzIlUv_-Svjp8DBrLVCxcDp5rJMM5mDNR0iGysuDIozWnOaPqCOl35NxPzyktrYK6D1MBptmXOPbhS-stTZXbHJr9gGE3FHzMU0XANXmTm30q4SPaoWPch-S1uFFL4xwS2oUv-lELBdcfIGh5UJBSraabGihVWUnbwBhh8eURSMRwryi7kubUcq0D27S-vIVZhtKopemQ1njAcExO58S7EgAyqbIzMxvmBXBe0X1ieVrcyHYRpt4ZAq1Z4v5HLTrYhx5fGp6AkqhV09yri3bqXaZvw5R1hKuhAbRDt_isZn_L8ZEhfwnqICGUwpDU27c6Qd1txuiOVY90a4BiAUh1M1u5gjDx8nIE88R7S915w7mUjJtCzZuTKQavve8q8UOtm9udUvBOX1f-bYslpgiIRbdSYBYlP9UrbreLS1W6OFk2NX-uqp9mabyImvvj1RUm166qV6uc9hsuhzrfErDURC17JotuQBSWYauAvb38p5B-cDbsCZafpyORlbrWsYyQcdWwUPL0aOZEQXFW-v3gDw7Xri_9hvsiHrj10NTaaozqm1QpZmMf-SHJ0yF9wBWKYgAA
Application works without a problem if we are using Microsoft Graph REST API v1 but the following problem happens when using version 2. It is registered with delegate permissions that grants us Read, Write/Send permission which work fine with V1 of the application.
For V2: authority =https://login.microsoftonline.com/common/oauth2/v2.0/token
and
to retrive auth code I use the following url
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=30..7&response_type=code&scope=mail.read&redirect_uri=https://myurl:8443/controller/saveToken
Code block causing the issue:
@Override
public AuthenticationResult getToken(String authCode) {
ExecutorService service = Executors.newFixedThreadPool(1);
OfficeCredentials credentials = getCredentials();
try {
AuthenticationContext context = new AuthenticationContext(credentials.getAuthority(), true, service);
final Future<AuthenticationResult> resultFuture = context.acquireTokenByAuthorizationCode(
authCode, new URI(credentials.getRedirectUri()), new ClientCredential(credentials.getClientId(),
credentials.getClientSecret()), credentials.getResourceUrl(), null);
return resultFuture.get();//throws exception
} catch (URISyntaxException e) {
logger.error(e.getMessage());
} catch (MalformedURLException e) {
logger.error(e.getMessage());
} catch (Exception e) {
logger.error(e.getMessage());
}
return null;
}
Exception when resultFuture.get() is called
java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS70000: Transmission data parser failure: Authorization Code is malformed or invalid.\r\nTrace ID: c37b4aba-c5fb-44f3-815c-dd798072095d\r\nCorrelation ID: e190ccd2-f98a-440c-8e79-69cfcead3c04\r\nTimestamp: 2017-02-06 17:53:30Z","error":"invalid_grant"}
I don't know what I am doing wrong as I am trying to migrate to v2. redirect_uri is same as defined in azure and it is HTTPS. I already made my local env't accept HTTPS by following this. FYI: I am using adal4 java library.
At present, the adal4j library doesn't support the Azure AD v2.0 endpoint(refer here). Event we set the authority for the v2.0 endpoint, it still use the old one.
As a workaround, you may compose the HTTP request directly. Here is the sample request for your reference( refer here):
POST: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
client_id={clientId}&client_secret={clientSecret}&scope={scope}&code={authorizationCode}&grant_type=authorization_code&redirect_uri={redirectUri}
And if you want the adal4j library to support Azure AD v2.0 endpoint, you can submit the feedback from here.