2

I am trying to authenticate to Azure service management / graph API using golang. Using purely REST APIs. No matter what I do, I always end up with error:

{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.

Since I am not using SDK there is limited samples out there. Any help would be appreciated.

package main

import (
    "bytes"
    "encoding/json"
    "io/ioutil"
    "log"
    "net/http"
)

func main() {

    authendpoint := "https://login.microsoftonline.com/8xxxxx7-6372-4bcb-xxx-xxxxxx/oauth2/token"

    jsonData := []byte(`{
        "resource":      "https://graph.microsoft.com",
        "client_id":     "xxxxxxxx-7549-4ea2-b00d-xxxxxxxxxxx",
        "client_secret": "Q.xxxxxxxxxxxxxx-6_CgA4yOi_8sS-",
        "grant_type":    "client_credentials",
        }`)

    request, err := http.NewRequest("POST", authendpoint, bytes.NewBuffer(jsonData))
    request.Header.Set("Content-Type", "application/json")
    client := &http.Client{}
    resp, err := client.Do(request)

    if err != nil {
        log.Fatal(err)
    }
    body, err := ioutil.ReadAll(resp.Body)
    var res map[string]interface{}

    json.NewDecoder(resp.Body).Decode(&res)
    log.Println(string(body))
}
Grokify
  • 15,092
  • 6
  • 60
  • 81
Sumesh
  • 123
  • 2
  • 13
  • If I remember correctly it expects the `Content-Type` to be `application/x-www-form-urlencoded`, not `application/json` – Prav Jul 19 '21 at 21:45
  • According to the documentation, your implementation is slightly wrong. https://learn.microsoft.com/en-us/graph/auth/auth-concepts#register-your-app-with-the-microsoft-identity-platform – Prav Jul 19 '21 at 21:49
  • JSON format is not valid. Remove `,` after `"client_credentials"` in the JSON data. – cod3rboy Jul 20 '21 at 04:32
  • @cod3rboy tried that earlier and tried it again now. it doesnt help. – Sumesh Jul 20 '21 at 05:51

2 Answers2

2

The Microsoft request docs posted by Praveen Premaratne show the request needs to be formatted using Content-Type: application/x-www-form-urlencoded which is a requirement for the OAuth 2.0 standard.

Here's the Microsoft docs and example:

https://learn.microsoft.com/en-us/graph/auth/auth-concepts#register-your-app-with-the-microsoft-identity-platform

POST /common/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=user.read%20mail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh

Here's how to accomplish this:

package main

import (
    "fmt"
    "net/http"
    "net/url"
    "strings"
)

func main() {
    authendpoint := "https://login.microsoftonline.com/8xxxxx7-6372-4bcb-xxx-xxxxxx/oauth2/token"
    body := url.Values(map[string][]string{
        "resource":      {"https://graph.microsoft.com"},
        "client_id":     {"xxxxxxxx-7549-4ea2-b00d-xxxxxxxxxxx"},
        "client_secret": {"Q.xxxxxxxxxxxxxx-6_CgA4yOi_8sS-"},
        "grant_type":    {"client_credentials"}})

    request, err := http.NewRequest(
        http.MethodPost,
        authendpoint,
        strings.NewReader(body.Encode()))
    if err != nil {
        panic(err)
    }

    request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
    client := &http.Client{}
    resp, err := client.Do(request)
    if err != nil {
        panic(err)
    }
    fmt.Println(resp.StatusCode)
}
Grokify
  • 15,092
  • 6
  • 60
  • 81
  • 1
    Thanks Grokify and @Praveen Premaratne . For some reason i kept thinking that it also works with JSON and have been wasting time trying to make it work. Maybe I got confused with normal requests that take JSON as input. But worked with PostForm on the first try!!! – Sumesh Jul 20 '21 at 16:08
0

for me, it worked when I removed resource from the request body and added scope as new parameter in body.

C.P. Soni
  • 1
  • 1