Hello,
when I try the sample provided here (http://code.msdn.microsoft.com/Write-Sample-App-for-79e55502), it works without modifications. But If I put my own credentials (Office 365 tenant), I'm hitting a 400 error in GetAuthorizationToken.
If I switch to a previous version of the Azure graph api, it works (this proves that tenantID, appPrincipalId, symetricKey are correct): This is the new function provided in the helper (GetAuthorizationToken) that never manages to retrieve the token.
Request sent:
POST https://login.windows.net/ilinfo.onmicrosoft.com/oauth2/token?api-version=1.0 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: login.windows.net
Content-Length: 185
Expect: 100-continue
Connection: Keep-Alive
grant_type=client_credentials&resource=6a1126af-125b-4aca-8ed0-2033d216d161&client_id=6a1126af-125b-4aca-8ed0-2033d216d161&client_secret=(Value modified)
Result:
{"error":"invalid_client","error_description":"ACS50012: Authentication failed.\r\nTrace ID: 75579602-95c4-4a01-81aa-95439e63a4ba\r\nCorrelation ID: 5d880a19-2032-4128-a2e6-bfff088f9ca3\r\nTimestamp: 2013-05-01 08:23:29Z","error_codes":[50012],"timestamp":"2013-05-01 08:23:29Z","trace_id":"75579602-95c4-4a01-81aa-95439e63a4ba","correlation_id":"5d880a19-2032-4128-a2e6-bfff088f9ca3"}
Troubleshooting:
SPN registered for 00000002-0000-0000-c000-000000000000:
https://graph.windows.net
00000002-0000-0000-c000-000000000000/directory.windows.net
00000002-0000-0000-c000-000000000000/graph.windows.net
Microsoft.Azure.ActiveDirectory
00000002-0000-0000-c000-000000000000
SPN registered for AppPrincipalID
6a1126af-125b-4aca-8ed0-2033d216d161/directory.windows.net6a1126af-125b-4aca-8ed0-2033d216d161/graph.windows.net
6a1126af-125b-4aca-8ed0-2033d216d161
Any idea how to fix it?
-- Emmanuel Dreux http://www.cloudiway.com