Stuck between two errors in an Azure OAuth2 token request

Question

I am implementing an OAuth2 provider for OWIN and Azure Active Director. FWIW, at this time the OpenId Connect option doesn\'t fit the requirements for this work.

I

Answer 1

OAuth deals with 4 parties: 1) resource owner aka user 2) resource app: usually a Web API that protects access to resources owner by the user 3) client app: a web app or mobile app or even another Web API that wants to access the resource on-behalf of the user 4) the authority: the secure token service that authenticates the user and/or the client app and issues a delegated access token to the client to access the resource.

Your code is using the same identifier for the client app as well as the resource - essentially it is trying to request for an access token to access itself. It can be argued that this scenario should be allowed - but it isn't today by Azure AD.

Please do the following: register a resource application in Azure AD. In its manifest add a new an appPermission (follow this post). Then, go to the client application configuration page and scroll to the bottom - in the 'Permissions to other applications' section, add the resource permission to the client applications list of "delegated permissions".

Now, use the resource application's AppIDURI or ClientID in your OAuth request and stuff should work.

Hope this helps.