Unable to generate authorization code via PKCE flow for SPA
I created a SPA application in Azure AD and trying to generate access token via PKCE flow from postman.
I am following this msdoc : Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft Entra | Microsoft Docs
To generate code, I am using below authorize endpoint as mentioned in above document like
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=myclientid
&response_type=code
&redirect_uri=myredirecturi
&response_mode=query
&scope=https://graph.microsoft.com/.default
&code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
&code_challenge_method=S256
But I am getting error like below:
AADSTS501491: Invalid size of Code_Challenge parameter.
What is the valid value for code_challenge parameter and how to generate it?
This error "Invalid size of Code_Challenge parameter." usually occurs if the code_challenge is invalid. Make sure to generate a valid code_ challenge.
To generate code_challenge, you can make use of this tool like below:
I tried in my environment and got the code value successfully including the above the code challenge value:
Make sure to include origin header like below:
After including all the required parameters, I was able to generate access token successfully via PKCE flow from Postman like below:
- Sharepoint online 'Unsupported app only token.'
- Can't get events with open extension in Microsoft Graph API
- Provide SSL certificate for internal Website
- Getting "Unable to complete authentication for user due to looping logins" while making an api call through postman to azure
- azure ad difference between group based and role based authorization
- Powershell EntraID - Get display names of user groups
- Questions on microsoft azure portal app registration
- API Access to SharePoint Files/Lists via SharePoint REST, API & MSAL, using deamon/service account
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Id token in microsoft with ./Default scope
- Unattended authentication using Azure Active Directory- UserCredential not accepting username and password
- Assigning Roles to a Group and scoping that to an Admin Unit programatically in Entra
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- Access Sharepoint Online Files from .NET Worker Service via Microsoft Graph/OAuth - Unauthorized or Access Denied error (401)
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- Azure Storage accounts container public access level has dissabled
- How to get "exp" from jwt token and compare with it current time to check if token is expired
- How to refresh client assertion in ConfidentialClientApplication?
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- How to extract TLS 1.X of all app services/web app running Azure
- Why Can't I See Roles Assigned to an App Registration in Azure?
- Connect C# ASP.NET Core web app to Microsoft Graph calendar
- Is there a way to find out all users of a particular group in AzureAD?
- MSAL Redirect on Failure AADSTS50105
- Microsoft Power BI REST API PowerBINotAuthorizedException
- AzureAD SAML SSO through AWS Cognito - doesn't match requested authentication method
- How to get username after logged in?.I am trying with MSAL (@azure/msal-angular) for Azure Signin
- Display all the user's files using Microsoft Graph API not working
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- How to call Microsoft Graph API from ASP.NET Core Web API that is called by SPA