0

I already got the authorization code. I try to get access token with the following code:

string requestUrl = "https://login.live.com/oauth20_token.srf";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(requestUrl);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
string fields = string.Format("client_id={0}&redirect_uri={1}&client_secret={2}&code={3}&grant_type=authorization_code", clientId_, "https://login.live.com/oauth20_desktop.srf", clientSecret_, authorizationCode_);
var data = Encoding.ASCII.GetBytes(fields);
request.ContentLength = data.Length;
using (Stream stream = request.GetRequestStream())
{
    stream.Write(data, 0, data.Length);
}
var response = (HttpWebResponse)request.GetResponse();

The last string always raises an WebException: Bad Request

Update: Just remove client_secret from fields and get the access token:

string fields = string.Format("client_id={0}&redirect_uri={1}&code={2}&grant_type=authorization_code", clientId_, "https://login.live.com/oauth20_desktop.srf", authorizationCode_);
Aleksey
  • 179
  • 1
  • 1
  • 13
  • How are you gathering the data necessary for the ``fields`` of the POST request? Are you using a tool such as [Fiddler](http://www.telerik.com/fiddler)? – Patrick Bell Mar 15 '16 at 14:18
  • Yes, I have registered my app in https://apps.dev.microsoft.com. So I have got client id and client secret. And I can get the authorization code in the previous step. No I have not used Fiddler for this. – Aleksey Mar 15 '16 at 14:53
  • is the redirect_uri (https://login.live.com/oauth20_desktop.srf) the one you used to get the authorizationcode on the first call? I thought that was the default uri for when you don't provide a client_secret? – iandayman Mar 15 '16 at 15:21
  • Thank you, ext0. When I used Fiddler I got more details: {"error":"invalid_request","error_description":"Public clients can't send a client secret."} – Aleksey Mar 15 '16 at 15:34
  • Yes, iandayman. I use "login.live.com/oauth20_desktop.srf" to get authorization code. – Aleksey Mar 15 '16 at 15:37
  • Thanks again. Just removed client_secret from fields and got the access token. – Aleksey Mar 15 '16 at 15:47

0 Answers0