
I've created an app in Azure AD and followed these steps (Application and user access): https://github.com/MicrosoftDocs/partner-rest/blob/docs/partner-rest/develop/api-authentication.md

From what I understand the Microsoft Partner API only works with MFA, so I can't authenticate using username + password to https://login.microsoftonline.com.

To get an access_code, I perform these steps:

  1. Open the url in my browser: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?client_id=CLIENT_ID&response_type=code&redirect_uri=https://****/test.php&response_mode=form_post&scope=offline_access%20openid%20profile%20User.Read&state=1

  2. On the callback url, I receive a code, which I use to request the access_code. I perform the following request:

```bash
curl --request POST 'https://login.microsoftonline.com/TENANT_ID/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'resource=https://api.partner.microsoft.com' \
--data-urlencode 'code=CODE_FROM_PREVIOUS_REQUEST' \
--data-urlencode 'redirect_uri=https://****/test.php'
```

Now I have the access_code and the refresh_token.

  3. This is where I'm stuck. I use the access_token in the following request:

```bash
curl --request GET 'https://api.partnercenter.microsoft.com/v1/customers' \
--header 'Authorization: Bearer ACCESS_TOKEN'
```

But I get a 401 invalid_grant error. I also found this article from a similar problem, but that didn't help.

Marijn
  • Try passing resource as `4990cffe-04e8-4e8b-808a-1175604b879f/user_impersonation` or `https://api.partner.microsoft-int.com/user_impersonation` and generate the access token. – Rukmini Mar 23 '23 at 10:29
  • Thank you for this. With your first resource I receive a token, but when I use this access token with the Partner Center API, I still get the 401 invalid_grant error. – Marijn Mar 23 '23 at 11:45
  • Did you try using this resource `https://api.partner.microsoft-int.com/user_impersonation`? – Rukmini Mar 23 '23 at 11:49
  • While generating the code you have used v2 endpoint and while generating token you have used v1 endpoint. Make sure to use same endpoint. – Rukmini Mar 23 '23 at 13:12
  • I tried using v1 or v2 for both, but that's also not working. Also when I try resource `https://api.partner.microsoft-int.com/user_impersonation` I get this error: AADSTS500011: The resource principal named resourcehttps://api.partner.microsoft-int.com/user_impersonation was not found in the tenant – Marijn Mar 23 '23 at 15:29
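
To see which resource and endpoint version a token was actually issued for (the two points raised in the comments above), its claims can be decoded locally and compared with the API being called. This is an added example, not part of the original question or comments; the function names and the sample token are constructed, and the host comparison is only a heuristic because `aud` may be an application ID rather than a URL.

```python
import base64
import json
from urllib.parse import urlsplit


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: debugging only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_report(token, api_url):
    """Compare the token's aud/ver claims with the API the request targets."""
    claims = decode_claims(token)
    aud = claims.get("aud", "")
    aud_host = urlsplit(aud).hostname  # None when aud is a GUID, not a URI
    api_host = urlsplit(api_url).hostname
    return {
        "aud": aud,                      # resource the token was issued for
        "ver": claims.get("ver"),        # "1.0" or "2.0" token format
        "scp": claims.get("scp"),        # delegated scopes, if present
        "aud_is_uri": aud_host is not None,
        "host_matches": aud_host == api_host,  # heuristic, see lead-in
    }


def make_sample_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed claims: aud mirrors the resource value in the token request above.
    sample = make_sample_token({
        "aud": "https://api.partner.microsoft.com",
        "ver": "1.0",
        "scp": "user_impersonation",
    })
    print(audience_report(sample, "https://api.partnercenter.microsoft.com/v1/customers"))
```

Run it against a real token only on a trusted machine, since the access token is a bearer credential.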

1 Answer


Try to use a refresh_token in the call to the Partner Center API instead of an ACCESS_TOKEN. I had a similar issue and was able to bypass the 401 invalid_grant error with this.

Jeremy Caney