def get_access_token(authorization_code):
token_url = "https://login.microsoftonline.com/xxxx-xxxx-xxxx-xxxx-xxxxcxxxxe/oauth2/v2.0/token"
redirect_uri = "https://localhost/api/oauth2/callback"
client_id = "xxxxxx-xxx-xxxx-xxx-xxxxxx"
client_secret = "xxxx~xxxxx~xxxx_xxxxxxxxx"
scope = "https://graph.microsoft.com/.default"
headers = {'Content-Type' : 'application/x-www-form-urlencoded'}
token_data = {
'grant_type': 'client_credentials',
'code': authorization_code,
'redirect_uri': redirect_uri,
'client_id': client_id,
'client_secret': client_secret,
'scope': scope,
}
response = requests.post(token_url, headers = headers, data=token_data)
token_json = response.json()
if 'access_token' in token_json:
return token_json['access_token']
else:
raise Exception(f"Error fetching access token: {token_json.get('error_description', 'Unknown error')}")
I can't find any user information within the bearer that Microsoft provides. The token end point seems to be correct and I get all the user info within Microsoft Graph Explorer but can't on my django app.
Edit:
Changing Grant type to 'authorization_code' gives me error that OAuth2 was already redeemed. I am using Django Auth ADFS library within my Djano App where I think the code is already been redeemed. I cannot directly make changes within the Library. Is there any other way to get the OAuth2 Code?
The error is because you are making use of Authorization code flow but passing parameter value as client credentials for grant_type.
Initially, I registered Microsoft Entra ID Application in B2C tenant:
Granted Delegated type User.Read.All
API permission:
To resolve the error modify code l:
import requests
def get_access_token(authorization_code):
# Replace these with your actual values
tenant_id = "<tenant_id>" # Update this with your actual tenant ID
token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
redirect_uri = "http://localhost:5000" # This must match the redirect URI configured in your app registration
client_id = "<client_id>" # Your app's client ID
client_secret = "<client_secret>" # Your app's client secret
scope = "https://graph.microsoft.com/.default" # The scope for your request
# Set up the headers and body for the token request
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
token_data = {
'grant_type': 'authorization_code', # Use authorization_code for this flow
'code': authorization_code, # The authorization code received from the redirect
'redirect_uri': redirect_uri, # Redirect URI must match the one configured in your app
'client_id': client_id, # The app's client ID
'client_secret': client_secret, # The app's client secret
'scope': scope, # Scopes you want to request
}
# Make the POST request to get the token
response = requests.post(token_url, headers=headers, data=token_data)
# Parse the response and check for errors
token_json = response.json()
# Check if the access token was successfully obtained
if 'access_token' in token_json:
return token_json['access_token']
else:
error_message = token_json.get('error_description', 'Unknown error')
raise Exception(f"Error fetching access token: {error_message}")
def get_users(access_token):
# Initial URL for fetching users from Microsoft Graph API
graph_url = "https://graph.microsoft.com/v1.0/users"
headers = {"Authorization": f"Bearer {access_token}"}
users = []
while graph_url:
response = requests.get(graph_url, headers=headers)
if response.status_code == 200:
data = response.json()
users.extend(data.get("value", [])) # Add the current batch of users
graph_url = data.get("@odata.nextLink") # Get the next page link, if it exists
else:
raise Exception(f"Error fetching users: {response.status_code} - {response.text}")
return users
def print_users(users):
# Print user details in a formatted table
print(f"{'Display Name':<30} {'ID':<40} {'Email':<40}")
print("-" * 110)
for user in users:
display_name = user.get("displayName") or "N/A" # Safely handle None values
user_id = user.get("id") or "N/A" # Safely handle None values
email = user.get("mail") or "N/A" # Safely handle None values
print(f"{display_name:<30} {user_id:<40} {email:<40}")
# Example usage
authorization_code = input("Enter the authorization code: ")
try:
# Step 1: Get the access token
access_token = get_access_token(authorization_code)
print("Access token :", access_token)
# Step 2: Get the list of users using the access token
users = get_users(access_token)
# Step 3: Print the users with displayName, id, and mail
print_users(users)
except Exception as e:
print(e)
To get code
, I ran below authorization request in browser:
https://login.microsoftonline.com/<b2c_tenant_id>/oauth2/v2.0/authorize?
&client_id=<app_id>
&client_secret = <client_secret>
&redirect_uri= http://localhost:5000
&response_type=code
&response_mode=query
&scope= https://graph.microsoft.com/.default
Response: