I've set up API Management to induce the developer console's client to get an authorization code grant from my AAD (federated) tenant. All the evidence is that that step works. However, the site backend step of converting the code into a token seems to fail, with AAD reporting a missing parameter via a client-shown error screen:
An error has occurred while authorizing access via api manager: invalid_resource AADSTS50001: Resource identifier is not provided.
Trace ID: 7d408b1f-8b2a-4e0c-8781-1e7d295e34a7
Correlation ID: 73c33ba0-66fd-468e-8b8d-53fd0fb56e7a
Timestamp: 2015-02-18 20:36:05Z
Any ideas?
Note: my AAD token and AAD authorization endpoints use the tenant OID (e.g. https://login.windows.net/bcbf53cf-af9a-4584-b4c9-6d8b01b3781d/oauth2/authorize), ignoring documentation in API Management that suggests (STRANGELY) using unknown appid and tokened values where one normally uses tenant fields when talking to AAD.
Obviously, the resource parameter is missing on the posited web call to the token endpoint... so how might I fix this?
-----------
Use of the auth endpoint of AAD seems to succeed; note:
GET https://login.windows.net/bcbf53cf-af9a-4584-b4c9-6d8b01b3781d/oauth2/authorize?api-version=1.0&response_type=code&client_id=0bc904ae-3f2c-4ec7-8b71-40f7207112f0&redirect_uri=https%3a%2f%2frapmlsqa.portal.azure-api.net%2fdocs%2fservices%2f54e4f45e73c60f106453dac3%2fconsole%2foauth2%2fauthorizationcode%2fcallback&state=2420bf73-c414-40a6-8c9e-0123be7bd71a&scope=peter HTTP/1.1
Host: login.windows.net
gives a 302 response, with
Location: https://rapmlsqa.portal.azure-api.net/docs/services/54e4f45e73c60f106453dac3/console/oauth2/authorizationcode/callback?code=AAABAAAAvPM1KaPlrEqdFSBzjqfTGOA9N5nbgYtUU48xhe3NgRMx1ZmZ5LJ_7ZtJz_AEFUuu13ByIvjplGOy88TR2Xa7UmvhvmUwxVEgBKluq9RyKbQ4PnQ0bNQhbZS7RETD-tS012eamNfyf42GhnWgeiKIPeLdIv0Mkcgv8SYevaMxrPhWzbXbJRxnF2w39T48Tg0S1fEUmGklohBy9BZtk9HexbL2pHgDOAgaBBMSeCeG5uCWhjzXWAdaZl1XYxulYCxj7r3r9l14LUFA5MFSqgItDLo1FRha_-KMNFR5vFWnZuza8BoGd2Ci_j1PnwwFTbrSo4Mn2kloBQ58VYOrlMyPnvkj2MmiXB1eHsl8opnn1cwtbszFs-Ulo1aLOrxohH5UrfGsjM5IZkPkpyKYbnfdDkga1Km8pd8zo2NRqAW2ds1XY014OequY5ND_Knl0LlYsf7JBgKK-hI4M1H-FkG3L6nrxU2daOgJ2n8dMn6KATXFnKrDpTyacygLF_Gbh5RkC4QWzJQ4g2xfymLlO3I2BEDBGJazmwc7f1PqzgW-YJ4-yn7TTkkwJ-WPI5ozr_YRBrs4ad0JhfSldqsg6E3roRhfZFan9PEb0nRmGTJnvS8OmO3xQHC2CiFsAfwrdwufcPsZ0M82PnDdQ-uBariEUh6KtcGbeF6zUGHQ93RJCT0gAA&state=2420bf73-c414-40a6-8c9e-0123be7bd71a&session_state=c3b2e4f4-bc1b-4e82-9e50-aa4ce59d791f
Server
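
An added diagnostic, not part of the original post: it parses the authorize request and callback quoted above, reports what the code-for-token step will be missing, and builds a token request body that includes `resource`. The authorization code, the resource App ID URI and the client secret are constructed placeholders, and sending `resource` as a form field to the v1.0 token endpoint is the assumed fix.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Authorize request as quoted in the post.
AUTHORIZE_URL = (
    "https://login.windows.net/bcbf53cf-af9a-4584-b4c9-6d8b01b3781d/oauth2/authorize"
    "?api-version=1.0&response_type=code&client_id=0bc904ae-3f2c-4ec7-8b71-40f7207112f0"
    "&redirect_uri=https%3a%2f%2frapmlsqa.portal.azure-api.net%2fdocs%2fservices"
    "%2f54e4f45e73c60f106453dac3%2fconsole%2foauth2%2fauthorizationcode%2fcallback"
    "&state=2420bf73-c414-40a6-8c9e-0123be7bd71a&scope=peter")
# Callback from the 302; the code value is a constructed placeholder.
CALLBACK_URL = (
    "https://rapmlsqa.portal.azure-api.net/docs/services/54e4f45e73c60f106453dac3"
    "/console/oauth2/authorizationcode/callback"
    "?code=PLACEHOLDER_CODE&state=2420bf73-c414-40a6-8c9e-0123be7bd71a")

def params(url):
    """Return the query string as a dict of single decoded values."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def audit(authorize_url, callback_url):
    """List problems that would make the code-for-token exchange fail."""
    req, cb = params(authorize_url), params(callback_url)
    findings = []
    if "resource" not in req:
        findings.append("authorize request carries no 'resource' parameter")
    if "code" not in cb:
        findings.append("callback carries no authorization code")
    if req.get("state") != cb.get("state"):
        findings.append("state in callback differs from state in request")
    want, got = urlsplit(req.get("redirect_uri", "")), urlsplit(callback_url)
    if want[:3] != got[:3]:  # compare scheme, host and path
        findings.append("callback URL differs from redirect_uri")
    return findings

def token_form(authorize_url, callback_url, resource, client_secret):
    """Build the form body for the token endpoint, with 'resource' included."""
    req, cb = params(authorize_url), params(callback_url)
    return urlencode({
        "grant_type": "authorization_code",
        "code": cb["code"],
        "redirect_uri": req["redirect_uri"],
        "client_id": req["client_id"],
        "client_secret": client_secret,
        "resource": resource,
    })

if __name__ == "__main__":
    print(audit(AUTHORIZE_URL, CALLBACK_URL))
    # Hypothetical App ID URI and secret, for illustration only.
    print(token_form(AUTHORIZE_URL, CALLBACK_URL,
                     "https://example.invalid/api", "PLACEHOLDER_SECRET"))
```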