0

I have a simple Spring Boot app and I am using these dependencies in my build.gradle.kts for my OAuth2 with Azure AD:

implementation("org.springframework.boot:spring-boot-starter-oauth2-client:2.4.2")
implementation("com.azure.spring:azure-spring-boot-starter-active-directory:3.9.0")

I have a RestController that literally does not do much. What it should do is: when I call localhost:8080/, I want Azure AD to be called and it should return my access token (not in the controller, but at least I don't want to get any of the errors mentioned in the following sentences).

@GetMapping("/")
fun helloWorld(): String? {
    return "Hello Users!"
}

However, in the network tab of Chrome, I see that there are several calls happening against login.microsoftonline.com. I even receive the code in one of those requests. So looking pretty good so far.

The last call however fails and returns the following error:

[invalid_request] AADSTS900144: The request body must contain the following parameter: 'client_id'. Trace ID: XXXXXX Correlation ID: XXXXXX Timestamp: 2021-09-30 13:15:30Z

I don't get it, because in one of the requests mentioned above, the client_id is included. So it gets correctly loaded out of my application.properties. I ofc also set the tenant_id and the secret in the app.props.

On Google I could not find anything useful about that error, so I hope you can help me :)

Thanks in advance!

Splix
  • You should include application.properties. I have seen this error with Spring Security 5.8 when misconfiguring the ClientRegistration. I had clientAuthenticationMethod set to ClientAuthenticationMethod.CLIENT_SECRET_BASIC, but had omitted the secret. – tanderson Feb 13 '23 at 00:46

2 Answers

1

There are usually two causes for this error.

  1. The parameter: ‘client_id’ is missing from the request, therefore ensure the authentication request includes the required parameter.

  2. If you are hitting the token endpoint (i.e. https://login.microsoftonline.com/common/oauth2/token ), the Content Type is not set correctly. Ensure the content type is 'application/x-www-form-urlencoded' as a header in the request body.

Also check this SO reference.

kavyaS
  • Thanks for your reply :) The thing is that I don't have anything to do with the calls made to Microsoft. This all happens under the hood by the above-mentioned libraries and Spring Security. The problem here is that somehow the libraries don't make the call properly :/ So for explanation, when I hit the endpoint localhost:8080/ -> the libraries should do the calls with the properties defined in my application.properties to Microsoft in order to get the user. AND they actually do the calls. Only thing here is that somehow they are not doing the requests properly... :/ – Splix Oct 01 '21 at 13:55
0

Ok, so here are my two cents.

I am using the VsCode RestClient Extension and I am trying the POST Request as follows.

# This does NOT work
POST https://login.microsoftonline.com/35b02984-c026-40c5-8cb3-2267c184d48a/oauth2/v2.0/token HTTP/1.1
content-type: application/json

{
    "grant_type": "client_credentials"
}

I tried tweaking this in every which way, but always got this error message.

The request body must contain the following parameter: 'grant_type'

{
    "error": "invalid_request",
    "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 71b6d6f5-4d0d-408b-b702-a935ec73f601\r\nCorrelation ID: 4684f398-ef8b-42f3-9016-fdc8458b1730\r\nTimestamp: 2022-09-30 06:36:12Z",
    "error_codes": [ 900144 ],
    "timestamp": "2022-09-30 06:36:12Z",
    "trace_id": "71b6d6f5-4d0d-408b-b702-a935ec73f601",
    "correlation_id": "4684f398-ef8b-42f3-9016-fdc8458b1730",
    "error_uri": "https://login.microsoftonline.com/error?code=900144"
}

Finally this SO Question came to the rescue.

So now I modified the request to the following and this works.

POST https://login.microsoftonline.com/35b02984-c026-40c5-8cb3-2267c184d48a/oauth2/v2.0/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: Basic trusted:secret

grant_type=client_credentials
&scope=https://graph.microsoft.com/.default
&client_id=e7f0a65e-d4b8-499f-96c9-d92e3df41e14
&client_secret=JUx8Q~xiMv2hb9OVKz8xtc.cCHvqBvcqpH4sKb4K
VivekDev
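An added example, not code from either answer or from the Spring or Azure libraries: it builds the form-encoded client_credentials request shown above and checks a request locally for the parameters AADSTS900144 complains about. The tenant, client id and secret are constructed placeholders, and `missing_parameters` is an assumed, simplified model of an endpoint that reads parameters only from a form-encoded body, not Azure AD's actual implementation.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed placeholder values; not taken from the page.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_SECRET = "placeholder-secret"
REQUIRED = ("grant_type", "client_id")

# The failing shape from the second answer: JSON body, JSON content type.
JSON_HEADERS = {"content-type": "application/json"}
JSON_BODY = json.dumps({"grant_type": "client_credentials"})


def build_token_request(tenant, client_id, client_secret, scope):
    """Return (url, headers, body) for a client_credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # urlencode percent-encodes each value, so ':' and '/' in the scope are safe.
    body = urlencode({
        "grant_type": "client_credentials",
        "scope": scope,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return url, headers, body


def missing_parameters(headers, body, required=REQUIRED):
    """Assumed model of a form-only endpoint: required parameters it cannot see."""
    lowered = {k.lower(): v for k, v in headers.items()}
    content_type = lowered.get("content-type", "").split(";")[0].strip().lower()
    if content_type != "application/x-www-form-urlencoded":
        return list(required)  # a JSON body is never read as parameters
    params = parse_qs(body)  # blank values ("client_id=") are dropped
    return [name for name in required if name not in params]


def preflight(headers, body):
    """Raise before sending if a required parameter would not be seen."""
    missing = missing_parameters(headers, body)
    if missing:
        raise ValueError("request body must contain: " + ", ".join(missing))
    return True
```

A `client_id` that resolves to an empty string, for example from a property that was not loaded, is reported as missing by the same check.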