Microsoft Graph API access token validation failure

Question

I use this URL to get id_token:

https://login.microsoftonline.com/common/oauth2/authorize?
response_type=id_token%20code&
client_id=MY_CLIENT_GUID_ID_IN_         


        

Answer 1

An updated answer to get access with new applications:

1. Register your app in the app registration portal.

2. Authorization request example:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=offline_access%20user.read%20mail.read&state=12345

Authorization response will look like this:

https://localhost/myapp/?code=M0ab92efe-b6fd-df08-87dc-2c6500a7f84d&state=12345

3. Get a token

   POST /{tenant}/oauth2/v2.0/token HTTP/1.1

   Host: https://login.microsoftonline.com

   Content-Type: application/x-www-form-urlencoded

   client_id=6731de76-14a6-49ae-97bc-6eba6914391e

   &scope=user.read%20mail.read

   &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...

   &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F

   &grant_type=authorization_code

   &client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps

4. Use the access token to call Microsoft Graph

   GET https://graph.microsoft.com/v1.0/me

   Authorization: Bearer eyJ0eXAiO ... 0X2tnSQLEANnSPHY0gKcgw

   Host: graph.microsoft.com

Source:

https://docs.microsoft.com/en-us/graph/auth-v2-user?context=graph/api/1.0

You can also get an access token without a user, see here:

https://docs.microsoft.com/en-us/graph/auth-v2-service