Microsoft Graph API access token validation failure

耶瑟儿~ 2021-01-13 05:31

I use this URL to get id_token:

https://login.microsoftonline.com/common/oauth2/authorize?
response_type=id_token%20code&
client_id=MY_CLIENT_GUID_ID_IN_         


        
5 answers
  •  小鲜肉 (original poster)
    2021-01-13 05:53

    You can't use the token directly; there is one more step to exchange the code you get from the response URL for a token.

    Here is my C# code (using Microsoft.IdentityModel.Clients.ActiveDirectory):

        // Check, Globals, ADALTokenCache, CanCompleteSignIn and VerificationCode
        // are helpers that are not shown in this post.
        using System;
        using Microsoft.IdentityModel.Clients.ActiveDirectory;

        public static AuthenticationResult ExchangeCodeForToken(string InTenantName, string InUserObjId, string InRedirectUri, string InApplicationAzureClientID, string InApplicationAzureClientAppKey)
        {
            Check.Require(!string.IsNullOrEmpty(InTenantName), "InTenantName must be provided");
            Check.Require(!string.IsNullOrEmpty(InUserObjId), "InUserObjId must be provided");

            if (CanCompleteSignIn) // redirect from sign-in
            {
                var clientCredential = new ClientCredential(InApplicationAzureClientID, InApplicationAzureClientAppKey);
                // Login authority is https://login.microsoftonline.com/TenantName
                var authContext = new AuthenticationContext(Globals.GetLoginAuthority(InTenantName), (TokenCache)new ADALTokenCache(InUserObjId));
                // RESOURCE_ID is "https://graph.microsoft.com/"
                return authContext.AcquireTokenByAuthorizationCode(VerificationCode, new Uri(InRedirectUri), clientCredential, Globals.AZURE_GRAPH_API_RESOURCE_ID);
            }

            return null;
        }
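
The exchange described in the answer above, written out at the protocol level as an added example that is not part of the original post: it reads the `aud` claim of the returned id_token to show it was issued to the application itself, then builds the `authorization_code` request that redeems the code for a Graph access token. The class and method names are hypothetical, and the sample response, client id, secret placeholder and redirect URI are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.Text.Json;

public static class CodeRedemptionExample // hypothetical name, not from the post
{
    // v1 token endpoint that pairs with the /common/oauth2/authorize URL in the question.
    const string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
    const string GraphResource = "https://graph.microsoft.com/"; // resource id from the answer

    // Split the "a=1&b=2" parameters returned to the redirect URI into a dictionary.
    public static Dictionary<string, string> ParseResponse(string parameters) =>
        parameters.TrimStart('#', '?').Split('&')
            .Select(p => p.Split(new[] { '=' }, 2))
            .ToDictionary(kv => WebUtility.UrlDecode(kv[0]), kv => kv.Length > 1 ? WebUtility.UrlDecode(kv[1]) : "");

    // Read the "aud" claim from a JWT payload. Diagnostic only: the signature is not verified.
    public static string ReadAudience(string jwt)
    {
        string payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(payload));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.GetProperty("aud").GetString();
    }

    // Form body that redeems the code; it carries the client secret, so send it from the server only.
    public static string BuildTokenRequest(string code, string clientId, string clientSecret, string redirectUri) =>
        string.Join("&", new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code", ["code"] = code,
            ["client_id"] = clientId, ["client_secret"] = clientSecret,
            ["redirect_uri"] = redirectUri, ["resource"] = GraphResource,
        }.Select(kv => kv.Key + "=" + WebUtility.UrlEncode(kv.Value)));

    public static void Main()
    {
        // Constructed sample: an unsigned id_token whose audience is the (placeholder) client id.
        string clientId = "00000000-0000-0000-0000-000000000000";
        string claims = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"aud\":\"" + clientId + "\"}"));
        claims = claims.TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var response = ParseResponse("#id_token=e30." + claims + ".sig&code=SAMPLE_CODE");

        string aud = ReadAudience(response["id_token"]);
        Console.WriteLine("id_token aud = " + aud + " (issued to this app, not to Graph: " + (aud == clientId) + ")");
        Console.WriteLine("POST " + TokenEndpoint);
        Console.WriteLine(BuildTokenRequest(response["code"], clientId, "CLIENT_SECRET", "https://localhost/callback"));
    }
}
```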
    
