How to process the access token response received from Azure AD v2.0 service?

After Azure AD v2.0 service receives an access token request from your Web server script, it will process the request and returns the access token response directly.

In order for your Web server script to process the access token response, you need to have a good understanding of the access token response.

Here is an example of Azure AD v2.0 access token response,

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQ...",
    "token_type": "Bearer",
    "scope": "openid profile email Mail.Read User.Read",
    "expires_in": 3600,
    "ext_expires_in": 3600
    "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
}

The "access_token" value is actually the "id_token" defined in RFC 7519 - JWT (JSON Web Token).

If there is any issue with the access token request, you will receive an error response like this:

{
    "error": "invalid_client",
    "error_description": "AADSTS70002: Error validating credentials.
AADSTS500112: The reply address 'http:\/\/fyicenter.com\/openID_receiver.php' 
does not match the reply address 'http:\/\/fyicenter.com\/openid_receiver.php' 
provided when requesting Authorization code.\r\n
Timestamp: 2019-01-01 21:27:27Z",
    "error_codes": [
        70002,
        500112
    ],
    "timestamp": "2019-01-01 21:27:27Z",
    "trace_id": "3307bd84-6949-4780-8ceb-61f924222b63",
    "correlation_id": "a181ee7c-951c-4e8f-8700-0da3f4237c7e"
}

If an error response is received, your server side script should display an error Web page to the end user, so he/she can try to sign on again.

⇒ Azure AD v2 Access Token Request Test Page

⇐ Process Azure AD v2 Access Token Request

⇑ Azure AD Integration v2.0

⇑⇑ OpenID Tutorials