I'm trying to add OAuth2 ways to log in to my app by following the instructions from their official docs. The first step is to get the authorization code, which I did fine. However, the next step doesn't work; it always gives me this error:

{
  "error": "invalid_request",
  "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: ff270385-1331-498d-94a1-bcedad81d100\r\nCorrelation ID: d7d7cdd3-2994-4a41-b8b0-7aebca34e81b\r\nTimestamp: 2023-04-22 23:04:06Z",
  "error_codes": [
    900144
  ],
  "timestamp": "2023-04-22 23:04:06Z",
  "trace_id": "ff270385-1331-498d-94a1-bcedad81d100",
  "correlation_id": "d7d7cdd3-2994-4a41-b8b0-7aebca34e81b",
  "error_uri": "https://login.microsoftonline.com/error?code=900144"
}

It says it lacks the grant_type on the body, but the instructions said to put those as query params. I put them on a body, same error. I remove everything from query strings and put it all on the body, same error. I put everything on both places, same error.

I looked around and found people saying to add a Content-Type header of application/x-www-form-urlencoded, which doesn't work either. After more research I found someone saying that adding another redirect URI with a trailing / on the Azure app did it for them; it didn't do it for me.

At this point I just decided to mess around with the request and I discovered that no matter what I send, it always returns this error. I can give them no query strings, no body and that's the error I get. I send them fake code and ID, same error. My guess is that their error parsing is broken, if the request is wrong that's the error they return you.

What do I do?

1 Answer

I registered one Azure AD application and added a Redirect URI.

To get the authorization code value, I used the authorization request below:

https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize
?client_id=<appID>
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345

When I ran the above request in the browser, I got the code successfully in the address bar after signing in.

Now I generated an access token using the authorization code flow via Postman by passing the parameters below under the Body section, selecting x-www-form-urlencoded, like this:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type: authorization_code
client_id: <appID>
client_secret: <secret>
scope: https://graph.microsoft.com/.default
code: <code_from_above>
redirect_uri: https://jwt.ms

The error usually occurs when you pass these variables as query parameters while running the request to get an access token.

When I passed those variables as query parameters under Params, I got the same error as you, like below:

POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token?grant_type=authorization_code&client_id=appID&client_secret=secret&scope=https://graph.microsoft.com/.default&code=code&redirect_uri=https://jwt.ms

To resolve the error, remove all variables under Query Params and pass them only under the Body section, selecting the x-www-form-urlencoded format.

Check whether the Content-Type header is added or not, like below:

Content-Type: application/x-www-form-urlencoded

Sridevi
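
The token request from the answer above, as an added example that is not code from the question or the answer: it builds the POST with every parameter form-encoded in the body and checks a prepared request for the placement mistakes discussed on this page. The function names and sample values are assumptions made for illustration, and nothing is sent over the network.

```python
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
REQUIRED = ("grant_type", "client_id", "code", "redirect_uri")


def build_token_request(tenant, client_id, client_secret, code, redirect_uri, scope):
    """Hypothetical helper: POST with all parameters form-encoded in the body."""
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
        "code": code,
        "redirect_uri": redirect_uri,
    }
    return Request(
        TOKEN_URL.format(tenant=tenant),
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def check_token_request(req):
    """Hypothetical helper: list how a request differs from the working one."""
    problems = []
    if req.get_method() != "POST":
        problems.append("method is not POST")
    if urlsplit(req.full_url).query:
        # RFC 6749 section 2.3.1: client credentials must not be in the request URI.
        problems.append("parameters in query string instead of body")
    ctype = req.get_header("Content-type", "")  # urllib stores the key capitalized
    if not ctype.lower().startswith("application/x-www-form-urlencoded"):
        problems.append("Content-Type is not application/x-www-form-urlencoded")
    body = parse_qs((req.data or b"").decode("ascii", "replace"))
    missing = [p for p in REQUIRED if p not in body]
    if missing:
        problems.append("missing from body: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    req = build_token_request("tenant-placeholder", "app-id", "secret-placeholder",
                              "code-placeholder", "https://jwt.ms",
                              "https://graph.microsoft.com/.default")
    print(req.get_method(), req.full_url, check_token_request(req))
```

Running the check against the request your HTTP client is about to send shows whether the parameters are in the query string, or whether the body is something other than a form (for example JSON) that the endpoint cannot read `grant_type` from.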