Azure-docs: Wrong URI is used for POST examples of "Access token request with a shared secret" and "Access token request with a certificate"
For obtaining an application token with client_credentials the examples should be:
POST /{tenant_id}/oauth2/v2.0/token HTTP/1.1
instead of:
POST /common/oauth2/v2.0/token HTTP/1.1
If you post to "common" then the token will come back with the wrong tid claim and will not have an oid. If you then try to use that token to access the API you'll probably get the following error:
"Authroization_IdentityNotFound: The identity of the calling application could not be established"
To fix this get a new token by posting to "{tenant_id}" instead of "common"
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: e9e02a6a-cd93-700d-0073-cca2f6166d67
- Version Independent ID: 215511e6-6599-4aac-5592-635640a635cb
- Content: Use Azure AD v2.0 to access secure resources without user interaction
- Content Source: articles/active-directory/develop/active-directory-v2-protocols-oauth-client-creds.md
- Service: active-directory
- GitHub Login: @dstrockis
- Microsoft Alias: dastrock
MatLeger
All 6 comments
@MatLeger
Thanks for the feedback! We are currently investigating and will update you shortly.
jason-j-MSFT
on 30 Mar 2018
@MatLeger As mentioned in the document regarding Tenant parameter - The directory tenant that you want to request permission from. This can be in GUID or friendly name format. If you don't know which tenant the user belongs to and you want to let them sign in with any tenant, use common.
MohitGargMSFT
on 30 Mar 2018
@MatLeger We will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.
MohitGargMSFT
on 2 Apr 2018
Note - @MatLeger you're correct about the tenant that needs to be used - otherwise the app is asking for permissions against the "common" tenant, which doesn't make sense. Use the common tenant when getting admin consent, and then look at the tenant query parameter in the redirect. Then, use this tenant value in the Access Token requests.
@MohitGargMSFT - I'll have a PR out this week fixing this as part of the docs update for Build.
hpsin
on 18 Apr 2018
@MatLeger - The PR from @hpsin is here (https://github.com/MicrosoftDocs/azure-docs-pr/pull/38280) and awaiting merge into master (then live).
CelesteDG
on 25 Apr 2018
please-close this is complete.
hpsin
on 1 May 2018
Related issues
TechTrooper
·
41Comments
danielstocker
·
70Comments
aspnet4you
·
50Comments
tvperez76
·
55Comments
DanijelMalik
·
82Comments
Most helpful comment
@MatLeger - The PR from @hpsin is here (https://github.com/MicrosoftDocs/azure-docs-pr/pull/38280) and awaiting merge into master (then live).