Hi All,
I’m trying to request an OAuth2 token from ADFS using this guide.
OAuth2 Example
This works fine on my development machine, which uses its own AD; however, on our production AD I am having issues.
I send my first GET request to retrieve the authorization code using the following format:
https://<ADFS_SERVER>/adfs/oauth2/authorize?response_type=code&client_id=<CLIENT_ID>&resource=<RESOURCE_URN>&redirect_uri=<REDIRECT_URI>
This quite happily returns an authorization code in the query string of the redirect uri.
Next I do my POST request to retrieve the token using the following details…
URL
https://<ADFS_SERVER>/adfs/oauth2/token
Header
content-type: application/x-www-form-urlencoded
Body
grant_type=authorization_code&client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&code=<CODE_FROM_STEP_1>
This works fine on the dev AD and returns an access token, but on our corporate AD returns the following…
{"error":"invalid_grant","error_description":"MSIS9612: The authorization code received in 'code' parameter is invalid. "}
Even though the code I send is the one I just received from the GET request. I did notice that the authorization request always returns a different code for the same user; is this correct? Because of this I thought it may be that the code was invalidated as soon as I retrieved it.
Any help greatly appreciated.
Regards
Chris
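
The two requests described in the post, as an added example that is not part of the original post or the linked guide: it pulls the code out of the redirect (decoding it once), re-encodes it into the token POST with the same redirect_uri string, and splits the ADFS error body into its parts. The host, client ID, resource URN, redirect URI and code value are constructed placeholders, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values, not taken from the post.
ADFS = "https://adfs.example.test"
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
RESOURCE = "urn:example:resource"
REDIRECT_URI = "https://app.example.test/callback"

def authorize_url():
    """Step 1: the GET that ends in a redirect carrying ?code=..."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "resource": RESOURCE, "redirect_uri": REDIRECT_URI})
    return f"{ADFS}/adfs/oauth2/authorize?{query}"

def code_from_redirect(redirect_url):
    """Pull the code out of the redirect, percent-decoding it exactly once."""
    params = parse_qs(urlsplit(redirect_url).query, strict_parsing=True)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]

def token_request(code):
    """Step 2: the POST; redirect_uri is the same string used in step 1."""
    body = urlencode({"grant_type": "authorization_code", "client_id": CLIENT_ID,
                      "redirect_uri": REDIRECT_URI, "code": code})
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"{ADFS}/adfs/oauth2/token", headers, body

def parse_token_error(response_text):
    """Split an ADFS error body into (error, MSIS id or None, description)."""
    doc = json.loads(response_text)
    desc = doc.get("error_description", "").strip()
    m = re.match(r"(MSIS\d+):\s*(.*)", desc, re.S)
    if m:
        return doc.get("error"), m.group(1), m.group(2)
    return doc.get("error"), None, desc

if __name__ == "__main__":
    # Constructed redirect; the code value is made up.
    code = code_from_redirect(REDIRECT_URI + "?code=aB-_.x%2By%2Fz%3D%3D")
    print(token_request(code)[2])
```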