I have a PHP web app built upon Laravel 5 / Socialite, where I am trying to implement an SSO solution with the Windows Azure AD OAuth flow, but I am getting a generic "400 Bad Request Error" on the second OAuth request for an Access Token.
The first request to the Office 365 authorize URL is successful and returns an authorization code to my app, but when I try to get a user access token it fails.

I have checked and rechecked my request and it appears correct as much as I can tell:

```
POST https://login.windows.net/common/oauth2/token

HEADERS

Host: login.windows.net
Content-type: application/x-www-form-urlencoded
User-Agent: wTrack/.001
Date: Thu, 21 May 2015 02:48:43 GMT

BODY

client_id=1ad9f025-dfaf-4cb7-a9ff-29ea619bab44&
client_secret=<secret>&
code=<code>&
redirect_uri=https%3A%2F%2Fwtrack.dev%2Flogin%2Fmicrosoft&
grant_type=authorization_code
```

I have been looking at this for quite some time. Any help that could be provided would be greatly appreciated.

Josh Ripley
  • As a rule, a response with status 400 contains JSON with an explanatory message. Could you please check it and post it if it exists? – Igor Popov May 23 '15 at 00:43
  • Thank you for the advice @Igor. Once I knew the JSON information was there, I dug around until I found it :) Turns out I was getting the error because I was not including the `resource` parameter in the body of the POST request. – Josh Ripley May 26 '15 at 17:02

1 Answer

Make sure your redirect_uri is the same as the one you used for the authorization code request. Also, you might try adding the resource parameter in your request body.

Jason Johnston
  • The issue was that I wasn't including the `resource` parameter in the POST body (even though the documentation says it's optional). I did not find this as the Socialite/Guzzle library doesn't include the relevant error in their generic error logs until exposed through catch. I am now getting another error: `AADSTS90027: The client '...' and resource '...' identify the same application`, which is addressed [here](https://stackoverflow.com/questions/25212950/stuck-between-two-errors-in-an-azure-oauth2-token-request), but to me doesn't seem like a very good solution. Thanks for the recommendation. – Josh Ripley May 26 '15 at 17:10
  • Did you figure it out? I'm having the same issue: http://stackoverflow.com/questions/38648978/azure-ad-oauth2-access-token-request-error-400-bad-request – mattyb Jul 29 '16 at 01:09
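
The two points this thread settles on, sending `resource` in the token request and reading the JSON error body behind the generic 400, as an added example that is not part of the original posts. The function names, the placeholder credentials and resource value, and the sample error body are assumptions constructed for illustration (PHP 7 or later).

```php
<?php
// Added example; all values below are constructed placeholders.

// Form body for the authorization-code grant, including `resource`.
function buildTokenForm(string $clientId, string $secret, string $code,
                        string $redirectUri, string $resource): string
{
    return http_build_query([
        'grant_type'    => 'authorization_code',
        'client_id'     => $clientId,
        'client_secret' => $secret,
        'code'          => $code,
        'redirect_uri'  => $redirectUri, // same value as in the authorize request
        'resource'      => $resource,    // the parameter missing in the question
    ]);
}

// Reduce a token-endpoint error response (RFC 6749 section 5.2) to one log line.
function describeTokenError(int $status, string $body): string
{
    $json = json_decode($body, true);
    if (!is_array($json) || !isset($json['error'])) {
        return "HTTP $status with no OAuth error body";
    }
    // Keep only the first line of the description.
    $desc = trim(preg_split('/\R/', (string) ($json['error_description'] ?? ''))[0]);
    return "HTTP $status {$json['error']}: $desc";
}

// Mask the secret and the one-time code before a request body is logged.
function redactForm(string $form): string
{
    parse_str($form, $fields);
    foreach (['client_secret', 'code'] as $key) {
        if (isset($fields[$key])) {
            $fields[$key] = 'REDACTED';
        }
    }
    return http_build_query($fields);
}

$form = buildTokenForm('CLIENT_ID', 'SECRET', 'AUTH_CODE',
    'https://wtrack.dev/login/microsoft', 'RESOURCE_PLACEHOLDER');
echo redactForm($form), "\n";

// Constructed 400 body that reuses the error text quoted in the comment above.
$body = '{"error":"invalid_request","error_description":'
      . '"AADSTS90027: The client \'...\' and resource \'...\' identify the same application"}';
echo describeTokenError(400, $body), "\n";
```

With Guzzle, the string passed to `describeTokenError` is the body of the response attached to the caught `GuzzleHttp\Exception\ClientException`, that is `(string) $e->getResponse()->getBody()`.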