OAuth2 Authentication issues

  • Question

  • Hi All,

    I’m trying to request an OAuth2 token from ADFS using this guide.

    OAuth2 Example

    This works fine on my development machine which uses its own AD, however on our production AD I am having issues.

    I send my first GET request to retrieve the authorization code using the following format:

    https://<ADFS_SERVER>/adfs/oauth2/authorize?response_type=code&client_id=<CLIENT_ID>&resource=<RESOURCE_URN>&redirect_uri=<REDIRECT_URI>

    This quite happily returns an authorization code in the query string of the redirect URI.

    Next I do my POST request to retrieve the token using the following details…

    URL

    https://<ADFS_SERVER>/adfs/oauth2/token

    Header

    content-type: application/x-www-form-urlencoded

    Body

    grant_type=authorization_code&client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&code=<CODE_FROM_STEP_1>

    This works fine on the dev AD and returns an access token, but on our corporate AD returns the following…

    {"error":"invalid_grant","error_description":"MSIS9612: The authorization code received in 'code' parameter is invalid. "}

    Even though the code I send is the one I just received from the GET request. I did notice that the authorization request always returns a different code for the same user; is this correct? Because of this I thought it may be that the code was invalidated as soon as I retrieved it.

    Any help greatly appreciated.

    Regards

    Chris

    Tuesday, June 21, 2016 1:20 PM
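
The two requests described in the question, as an added example (not code from the original post or from ADFS): it builds both requests with a URL library so the code taken from the redirect is decoded once and re-encoded once, and it pulls the MSIS identifier out of an error response for side-by-side comparison of the two farms. The host `adfs.example.test`, the function names and all sample values are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit

ADFS = "https://adfs.example.test"  # assumption: placeholder for <ADFS_SERVER>


def authorize_url(client_id, resource, redirect_uri):
    """Step 1: URL for the GET that returns the authorization code."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "resource": resource, "redirect_uri": redirect_uri})
    return f"{ADFS}/adfs/oauth2/authorize?{query}"


def code_from_redirect(redirect_url):
    """Pull the percent-decoded 'code' value out of the redirect query string."""
    params = parse_qs(urlsplit(redirect_url).query, strict_parsing=True)
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter in the redirect")
    return codes[0]


def token_request(client_id, redirect_uri, code):
    """Step 2: URL, headers and form-encoded body for the token POST."""
    body = urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "redirect_uri": redirect_uri, "code": code})
    headers = {"content-type": "application/x-www-form-urlencoded"}
    return f"{ADFS}/adfs/oauth2/token", headers, body.encode("ascii")


def parse_token_response(raw):
    """Return the access token, or the OAuth error plus the MSIS identifier."""
    doc = json.loads(raw)
    if "error" in doc:
        match = re.match(r"(MSIS\d+):", doc.get("error_description", ""))
        return {"ok": False, "error": doc["error"],
                "msis": match.group(1) if match else None}
    return {"ok": True, "access_token": doc["access_token"]}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real ADFS farm.
    redirect = "https://app.example.test/cb?code=abc.DEF-123_xyz%2F%3D"
    code = code_from_redirect(redirect)
    url, headers, body = token_request("c1", "https://app.example.test/cb", code)
    print(url, headers, body.decode())
```
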

All replies

  • This is ADFS 3.0?

    You have two AD so you must have two ADFS.

    Is the RP configured the same on both?

    Same grants etc.?

    Have you compared the users on each AD?

    Both the same?

    Both have the same attributes e.g. UPN, name etc.?

    Tuesday, June 21, 2016 7:11 PM
  • How did you solve this issue? I am having the same issue: {"error":"invalid_grant","error_description":"MSIS9612: The authorization code received in 'code' parameter is invalid. "}
    Thursday, December 27, 2018 4:07 AM