cloudentity / oauth2c

User-friendly OAuth2 CLI
https://cloudentity.github.io/oauth2c/
Apache License 2.0
741 stars 29 forks

Microsoft authorization_code flow #93

Closed brenwell closed 8 months ago

brenwell commented 10 months ago

Thanks for such a cool library.

I am having some trouble fixing an issue with Microsoft's code flow. It appears I need to add the code field in the token exchange. Is this something I can do just via settings of the CLI?

Thanks

 SUCCESS  Obtained authorization code

# Exchange authorization code for token

POST https://login.microsoftonline.com/common/oauth2/v2.0/token
Headers:
  Authorization: Basic NWJiZWRmZ..........................................kI2clZiT3I=
  Content-Type: application/x-www-form-urlencoded
Form post:
  grant_type: authorization_code
  redirect_uri: http://localhost:9876/callback
  code_verifier: Pi1uLA..................NO8n2tpEiARqd
Response:
{
  "error": "invalid_request",
  "error_description": "AADSTS900144: The request body must contain the following parameter: 'code'...."
}
brenwell commented 10 months ago

Their documentation suggests they are expecting a number of extra fields. https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-access-token-with-a-client_secret

POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=204196ef-b7fd-461f-89b7-f778e1568c41
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong 
&client_secret=sampleCredentia1s

Is there a way to add the code and scope to the token request?

mbilski commented 9 months ago

Hi @brenwell

What response mode did you use? Query or fragment? oauth2c might not work correctly with fragment mode (#47).

Could you attach the cmd and the entire output?

Thanks

brenwell commented 8 months ago

Hey. Thanks for the reply. I moved on from that issue. I tried to recreate it but I forgot exactly what I was doing at the time. It was an issue for me, but it was likely my fault. So maybe it doesn't matter if I am the only one.

Also I see that "scope" is optional.

And I see that the token request has a Basic Auth header.
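The two points raised in this thread, a token request that goes out without `code`, and the question of whether the callback was delivered in query or fragment response mode, are easiest to see side by side. The following is an added example written for this thread; it is not oauth2c's own code and does not reflect how oauth2c builds its requests. It assumes a local callback listener like the `http://localhost:9876/callback` shown above, a constructed authorization code, constructed client credentials, and a hypothetical `clientAuth` selector for `client_secret_basic` (the Basic header in the log above) versus `client_secret_post` (the body form in the Microsoft docs). With `response_mode=fragment` the code sits after `#`, which the browser never sends to the listener, so the client sees no code; the example refuses to send a token request in that state instead of emitting the body that produced AADSTS900144.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// CallbackParams is what the client extracted from the redirect back from the authorization server.
type CallbackParams struct {
	Code  string
	State string
	Error string
}

// ServerSideView models what a server-side callback listener actually receives:
// everything after '#' is kept by the browser and never sent over the wire.
func ServerSideView(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return raw
	}
	u.Fragment = ""
	return u.String()
}

// ParseCallback reads the authorization response from a redirect URL. It accepts
// parameters in the query string (response_mode=query) and, for a client that
// runs in the browser, in the fragment (response_mode=fragment). It also checks
// the state value so a code injected by a third party is rejected.
func ParseCallback(raw, expectedState string) (CallbackParams, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return CallbackParams{}, err
	}
	vals := u.Query()
	if u.Fragment != "" {
		frag, err := url.ParseQuery(u.Fragment)
		if err != nil {
			return CallbackParams{}, err
		}
		for k, v := range frag {
			vals[k] = v
		}
	}
	p := CallbackParams{Code: vals.Get("code"), State: vals.Get("state"), Error: vals.Get("error")}
	if p.Error != "" {
		return p, fmt.Errorf("authorization server returned error: %s", p.Error)
	}
	if p.State != expectedState {
		return p, errors.New("state mismatch: callback was not started by this client")
	}
	if p.Code == "" {
		return p, errors.New("no authorization code in callback (fragment response_mode is invisible to a server-side listener)")
	}
	return p, nil
}

// BuildTokenRequest assembles the authorization_code grant. clientAuth is a
// hypothetical selector for this example: "basic" sends the client id and secret
// in an Authorization header (client_secret_basic, as in the oauth2c log above);
// "post" sends them in the form body (client_secret_post, as in the Microsoft docs).
// scope is optional for this grant and is only added when non-empty.
func BuildTokenRequest(code, codeVerifier, redirectURI, clientID, clientSecret, clientAuth, scope string) (url.Values, map[string]string, error) {
	if code == "" {
		return nil, nil, errors.New("refusing to send a token request without code")
	}
	form := url.Values{}
	form.Set("grant_type", "authorization_code")
	form.Set("code", code)
	form.Set("redirect_uri", redirectURI)
	if codeVerifier != "" {
		form.Set("code_verifier", codeVerifier) // PKCE: proves this client started the flow
	}
	if scope != "" {
		form.Set("scope", scope)
	}
	headers := map[string]string{"Content-Type": "application/x-www-form-urlencoded"}
	switch clientAuth {
	case "basic":
		// RFC 6749 section 2.3.1: form-urlencode id and secret before base64.
		creds := url.QueryEscape(clientID) + ":" + url.QueryEscape(clientSecret)
		headers["Authorization"] = "Basic " + base64.StdEncoding.EncodeToString([]byte(creds))
	case "post":
		form.Set("client_id", clientID)
		form.Set("client_secret", clientSecret)
	default:
		return nil, nil, fmt.Errorf("unknown client authentication method %q", clientAuth)
	}
	return form, headers, nil
}

func main() {
	// Constructed callback URLs for the demo; the code and state are not real values.
	queryCB := "http://localhost:9876/callback?code=CONSTRUCTED_CODE_123&state=abc"
	fragCB := "http://localhost:9876/callback#code=CONSTRUCTED_CODE_123&state=abc"
	for _, raw := range []string{queryCB, ServerSideView(fragCB)} {
		p, err := ParseCallback(raw, "abc")
		if err != nil {
			fmt.Println("callback rejected:", err)
			continue
		}
		form, hdr, _ := BuildTokenRequest(p.Code, "CONSTRUCTED_VERIFIER", "http://localhost:9876/callback", "CONSTRUCTED_CLIENT_ID", "CONSTRUCTED_SECRET", "basic", "")
		fmt.Println("Authorization:", hdr["Authorization"])
		fmt.Println("Form post:", form.Encode())
	}
}
```

Running it shows the query-mode callback producing a complete form with `code`, while the fragment-mode callback, once stripped to what the listener actually receives, is rejected before any request is built. The check on `state` is there because a code that arrives without the state this client generated should never be exchanged, whatever the response mode.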