Quantcast
Channel: Azure Active Directory forum
Viewing all articles
Browse latest Browse all 16000

echo api with oauth2- talking to the AS of an AAD tenant

$
0
0

Ive setup api management to induce the developer console's client to get an authorization code grant from my AAD (federated) tenant. All the evidence is that that step works. However, the site backend step of converting code into token seems to fail, with the AAD reporting a missing parameter via a client-shown error screen:

An error has occurred while authorizing access via api manager: invalid_resource AADSTS50001: Resource identifier is not provided.
Trace ID: 7d408b1f-8b2a-4e0c-8781-1e7d295e34a7
Correlation ID: 73c33ba0-66fd-468e-8b8d-53fd0fb56e7a
Timestamp: 2015-02-18 20:36:05Z

any ideas?

note my AAD-token and AAD-authorization endpoints use the tenant OID (e.g. https://login.windows.net/bcbf53cf-af9a-4584-b4c9-6d8b01b3781d/oauth2/authorize), ignoring documentation in api manager that suggests -STRANGELY - using unknown appid and tokened values where one normally uses tenant fields when talking to AAD.

obviously, the resource parameter is missing on the posited web call to the token endpoint... so how might I fix this?

-----------

Use of the auth endpoint of AAD seems to suceed, note:

GET https://login.windows.net/bcbf53cf-af9a-4584-b4c9-6d8b01b3781d/oauth2/authorize?api-version=1.0&response_type=code&client_id=0bc904ae-3f2c-4ec7-8b71-40f7207112f0&redirect_uri=https%3a%2f%2frapmlsqa.portal.azure-api.net%2fdocs%2fservices%2f54e4f45e73c60f106453dac3%2fconsole%2foauth2%2fauthorizationcode%2fcallback&state=2420bf73-c414-40a6-8c9e-0123be7bd71a&scope=peter HTTP/1.1

Host: login.windows.net

gives a 302 response, with

Location: https://rapmlsqa.portal.azure-api.net/docs/services/54e4f45e73c60f106453dac3/console/oauth2/authorizationcode/callback?code=AAABAAAAvPM1KaPlrEqdFSBzjqfTGOA9N5nbgYtUU48xhe3NgRMx1ZmZ5LJ_7ZtJz_AEFUuu13ByIvjplGOy88TR2Xa7UmvhvmUwxVEgBKluq9RyKbQ4PnQ0bNQhbZS7RETD-tS012eamNfyf42GhnWgeiKIPeLdIv0Mkcgv8SYevaMxrPhWzbXbJRxnF2w39T48Tg0S1fEUmGklohBy9BZtk9HexbL2pHgDOAgaBBMSeCeG5uCWhjzXWAdaZl1XYxulYCxj7r3r9l14LUFA5MFSqgItDLo1FRha_-KMNFR5vFWnZuza8BoGd2Ci_j1PnwwFTbrSo4Mn2kloBQ58VYOrlMyPnvkj2MmiXB1eHsl8opnn1cwtbszFs-Ulo1aLOrxohH5UrfGsjM5IZkPkpyKYbnfdDkga1Km8pd8zo2NRqAW2ds1XY014OequY5ND_Knl0LlYsf7JBgKK-hI4M1H-FkG3L6nrxU2daOgJ2n8dMn6KATXFnKrDpTyacygLF_Gbh5RkC4QWzJQ4g2xfymLlO3I2BEDBGJazmwc7f1PqzgW-YJ4-yn7TTkkwJ-WPI5ozr_YRBrs4ad0JhfSldqsg6E3roRhfZFan9PEb0nRmGTJnvS8OmO3xQHC2CiFsAfwrdwufcPsZ0M82PnDdQ-uBariEUh6KtcGbeF6zUGHQ93RJCT0gAA&state=2420bf73-c414-40a6-8c9e-0123be7bd71a&session_state=c3b2e4f4-bc1b-4e82-9e50-aa4ce59d791f

Server


Viewing all articles
Browse latest Browse all 16000

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>