
Hey guys, I want to create access to my OneDrive account to upload files via Node.js from my home Windows PC.

I created an app at https://apps.dev.microsoft.com
I also created a client secret there, added a web platform, and changed the redirect URL from localhost to https://login.live.com/oauth20_desktop.srf

Then I used this link in my browser: https://login.live.com/oauth20_authorize.srf?client_id=ab82982b-4dxxxxxxxxxxxxxxxxx&scope=files.readwrite.all&response_type=code

The URL in my browser changed to https://login.live.com/oauth20_desktop.srf?code=M494a5b9fxxxxxxxxxxxxxxxxxxxxxxx&lc=1031

Then I made a POST request as described at https://dev.onedrive.com/auth/graph_oauth.htm

with

```javascript
request({
  uri: "https://login.microsoftonline.com/common/oauth2/v2.0/token?"
  + "&client_id=ab82982b-4dbe-4c6b-a1fe-2d60d01709fd&"
  + "client_secret=TkYZhYyuEiSoqhCxbh4Dqh3"
  + "&code=M494a5b9f-5577-3454-a78c-cef649a512c0"
  + "&grant_type=authorization_code",
  method: "POST",
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
  }
}, function(error, response, body) {
  console.log('body: ', body);
});
```

But the output is

```
body:  {"error":"invalid_request","error_description":"AADSTS90014: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: de2c2dxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\r\nCorrelation ID: de2f8b83xxxxxxxxxxxxxxxxxxxxxxxxx\r\nTimestamp: 2017-07-31 13:40:52Z","error_codes":[90014],"timestamp":"2017-07-31 13:40:52Z","trace_id":"de2c2da2xxxxxxxxxxxxxxxxxxx","correlation_id":"de2f8b8xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}
```

Please help I struggle so hard with this API token stuff ..

EDIT: following the comment below, I changed it to

```javascript
request.post({url:'https://login.microsoftonline.com/common/oauth2/v2.0/token', form: {
    redirect_uri: 'https://login.live.com/oauth20_desktop.srf',
    client_id: 'abf3247c-d56a-xxxxxxxxxxxxxxxxxxxxx',
    client_secret: '3o6xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    code: 'M8aad1bcf-xxxxxxxxxxxxxxxxxxxxxxxxxx',
    grant_type: 'authorization_code'
}
}, function(err,httpResponse,body){ /* ... */
    console.log('err: ' + err)
    console.log('body: ' + body)
})
```

But now I get "error":"invalid_request","error_description":"AADSTS90023: Public clients can't send a client secret.

I googled this and read that I can't make client secret requests with desktop applications. But I created a web application at https://apps.dev.microsoft.com

Also, if I delete the client secret from the request, I get an error that the redirect URL is wrong. Please send me working code examples; I have been struggling with this for several days now ..

This is so difficult aaaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhh :D Please help

t33n
  • Try sending the request with an additional `form` argument? I'm not sure if the `request` module automatically parses URIs. Example of using url-encoded form is found [here](https://github.com/request/request/blob/master/README.md) – spicypumpkin Jul 31 '17 at 14:10
  • Ah I think I know what you mean I will try – t33n Jul 31 '17 at 14:17

1 Answer

Has your question been opened yet? It seems that you want to retrieve an access token and a refresh token. If I misunderstand your question, I'm sorry.

I think that your modified script for retrieving access token is not wrong. Please confirm the authorization flow again.

  1. Add application at https://apps.dev.microsoft.com/
  2. Input Application Name. In this case, don't use Guided Setup
  3. Create Application secret.
  4. Platform is web. In this case, redirect URL is http://localhost
  5. Retrieve code from https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=### Application ID ###&scope=offline_access%20files.readwrite.all&response_type=code&redirect_uri=http://localhost
    • Please import the above URL into your browser, and retrieve the code from the redirected URL.
    • Here, in order to upload files, it includes files.readwrite.all in the scope.
    • The refresh token can be retrieved by including offline_access in the scope.
  6. Run the following script to retrieve the access token and refresh token.

Script :

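```javascript
const request = require('request');

// Exchange the authorization code for an access token and a refresh token.
// The parameters are sent as a form-encoded POST body.
request.post({
    url:'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    form: {
        redirect_uri: 'http://localhost',
        client_id: 'abf3247c-d56a-xxxxxxxxxxxxxxxxxxxxx',
        client_secret: '3o6xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        code: 'M8aad1bcf-xxxxxxxxxxxxxxxxxxxxxxxxxx',
        grant_type: 'authorization_code'
    }
}, function(err,httpResponse,body){
    console.log('body: ' + body)
});
```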

Response :

You can retrieve the following response.

```json
{
  "token_type": "Bearer",
  "scope": "Files.ReadWrite.All",
  "expires_in": 3600,
  "ext_expires_in": 0,
  "access_token": "#####",
  "refresh_token": "#####"
}
```

If this is not a solution for you, I'm sorry.

Script for retrieving access token from refresh token :

```javascript
const request = require('request');

// Use the stored refresh token to get a new access token without the browser.
request.post({
    url:'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    form: {
        redirect_uri: 'http://localhost',
        client_id: 'abf3247c-d56a-xxxxxxxxxxxxxxxxxxxxx',
        client_secret: '3o6xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        refresh_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxx',
        grant_type: 'refresh_token'
    }
}, function(err,httpResponse,body){
    console.log('body: ' + body)
});
```

Tanaike
  • I tried this way before with localhost as the redirect URL but it never worked. Now I figured out why: if I visit http://localhost I get redirected to http://localhost/dashboard, and this was the reason I never saw the code in the URL. I changed the redirect URL to http://localhost/dashboard and got the code. I also now get my access token, thank you! But this token also expires in 1h. If I reuse the code it tells me the code is expired. But I don't want to always open the code request URL in my browser. How do I do it completely with Node.js? – t33n Aug 02 '17 at 02:05
  • @t33n When you ran the script, was the refresh token included in the response? When the scope is the same as in my answer, you can retrieve the refresh token. Please confirm it. You can retrieve the access token using the refresh token. In this case, you do not need to open your browser. And if you cannot use the redirect URI of ``http://localhost``, you can use ``http://localhost:8080`` with a port number. You can set the port number. – Tanaike Aug 02 '17 at 02:12
  • @t33n The refresh token also has a lifetime. But it is up to 1 year. https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens#token-lifetimes – Tanaike Aug 02 '17 at 02:25
  • Yes, I got a refresh token and tried to include it in my upload script but get the error: Error: Missing params.accessToken. Can you tell me how you always receive a new access token with the refresh code, and what code you use? I tried something like this but get the missing error above https://pastebin.com/ but I use this unofficial onedrive npm module. Do you have sample code for uploading files with a refresh token? – t33n Aug 02 '17 at 02:25
  • @t33n You can find the method for retrieving access token from refresh token from here. https://dev.onedrive.com/auth/graph_oauth.htm#step-3-get-a-new-access-token-or-refresh-token – Tanaike Aug 02 '17 at 02:27
  • @t33n Added the sample script to my answer. Please confirm it. – Tanaike Aug 02 '17 at 02:36
  • YEHA DUDE FINALLY IT WORKED. You explained it very well and helped me a lot. Thank you so much. When you see OAuth2 for the first time it's very confusing .. Thank you so much :) – t33n Aug 02 '17 at 02:40
  • @t33n Welcome and thank you, too. Because I used OneDrive for the first time, I also could study here. oauth2 is the same structure even if the site is different. So you will also be able to use it at other sites. – Tanaike Aug 02 '17 at 02:45
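
The flow from the answer (steps 5 and 6) and the refresh question from the comments, as an added example that is not code from the thread or from Microsoft. The `ONEDRIVE_*` environment variable names, the helper names, the `state` parameter (a fresh random value per login attempt) and the 60-second expiry margin are assumptions of this example; credentials are read from the environment so they never appear in source or in a pasted snippet.

```javascript
const AUTHORITY = 'https://login.microsoftonline.com/common/oauth2/v2.0';
const SCOPE = 'offline_access files.readwrite.all';

// Read credentials from the environment so no secret is committed or pasted.
// The ONEDRIVE_* variable names are assumptions made for this example.
function loadConfig(env = process.env) {
  const cfg = { clientId: env.ONEDRIVE_CLIENT_ID, clientSecret: env.ONEDRIVE_CLIENT_SECRET,
                redirectUri: env.ONEDRIVE_REDIRECT_URI || 'http://localhost' };
  if (!cfg.clientId || !cfg.clientSecret) throw new Error('missing ONEDRIVE_* credentials');
  return cfg;
}

// Step 5: URL to open once in the browser. `state` must be a fresh random value.
function buildAuthorizeUrl(cfg, state) {
  const q = new URLSearchParams({ client_id: cfg.clientId, scope: SCOPE,
    response_type: 'code', redirect_uri: cfg.redirectUri, state });
  return `${AUTHORITY}/authorize?${q}`;
}

// Take the one-time code from the redirected URL; reject errors and foreign state.
function extractCode(redirectedUrl, expectedState) {
  const p = new URL(redirectedUrl).searchParams;
  if (p.get('error')) throw new Error('authorize failed: ' + p.get('error'));
  if (p.get('state') !== expectedState) throw new Error('state mismatch');
  if (!p.get('code')) throw new Error('no code in redirect');
  return p.get('code');
}

// Step 6 / refresh: parameters go in the form-encoded POST body, not the query string.
function tokenRequestBody(cfg, grant) {
  const form = { client_id: cfg.clientId, client_secret: cfg.clientSecret,
                 redirect_uri: cfg.redirectUri };
  if (grant.code) Object.assign(form, { grant_type: 'authorization_code', code: grant.code });
  else Object.assign(form, { grant_type: 'refresh_token', refresh_token: grant.refreshToken });
  return new URLSearchParams(form).toString();
}

// Turn a token response into cached state; keep the old refresh token if none is returned.
function recordTokens(resp, nowMs, previous = {}) {
  return { accessToken: resp.access_token,
           refreshToken: resp.refresh_token || previous.refreshToken,
           expiresAt: nowMs + resp.expires_in * 1000 };
}

// Decide the next call: null while the access token is valid, else a refresh grant.
function nextGrant(tokens, nowMs, skewMs = 60000) {
  if (tokens.accessToken && nowMs < tokens.expiresAt - skewMs) return null;
  if (!tokens.refreshToken) throw new Error('no refresh token: repeat the browser step');
  return { refreshToken: tokens.refreshToken };
}
```

Send the string returned by `tokenRequestBody` as the POST body to `AUTHORITY + '/token'` with `Content-Type: application/x-www-form-urlencoded`, then pass the parsed JSON response to `recordTokens`.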