Access Token Response Received from Azure AD v2

Q

How to process the access token response received from Azure AD v2.0 service?

✍: FYIcenter.com

A

After Azure AD v2.0 service receives an access token request from your Web server script, it will process the request and returns the access token response directly.

In order for your Web server script to process the access token response, you need to have a good understanding of the access token response.

Here is an example of Azure AD v2.0 access token response,

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQ...",
    "token_type": "Bearer",
    "scope": "openid profile email Mail.Read User.Read",
    "expires_in": 3600,
    "ext_expires_in": 3600
    "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
}

The "access_token" value is actually the "id_token" defined in RFC 7519 - JWT (JSON Web Token).

If there is any issue with the access token request, you will receive an error response like this:

{
    "error": "invalid_client",
    "error_description": "AADSTS70002: Error validating credentials.
AADSTS500112: The reply address 'http:\/\/fyicenter.com\/openID_receiver.php' 
does not match the reply address 'http:\/\/fyicenter.com\/openid_receiver.php' 
provided when requesting Authorization code.\r\n
Timestamp: 2019-01-01 21:27:27Z",
    "error_codes": [
        70002,
        500112
    ],
    "timestamp": "2019-01-01 21:27:27Z",
    "trace_id": "3307bd84-6949-4780-8ceb-61f924222b63",
    "correlation_id": "a181ee7c-951c-4e8f-8700-0da3f4237c7e"
}

If an error response is received, your server side script should display an error Web page to the end user, so he/she can try to sign on again.

Â

â‡’ Azure AD v2 Access Token Request Test Page

â‡ Process Azure AD v2 Access Token Request

â‡‘ Azure AD Integration v2.0

â‡‘â‡‘ OpenID Tutorials

2019-03-27, 1953👍, 0💬

Validate Azure AD v2 id_token Signature
How to validate the id_token signature received from Azure AD v2.0 authentication response? You can use some existing libraries to perform the Azure AD "id_token" signature validation using libraries of different programming languages as suggested in "Azure Active Directory access tokens" article" .... 2019-03-27, 1332👍, 0💬

Validate Azure AD v2 id_token
How to validate the id_token value received from Azure AD v2.0 authentication response? As you can see from the previous tutorials, you can easily decode the "id_token" value received from Azure AD authentication response using a simple PHP script. After decoding, you can get all information about t... 2019-03-27, 1109👍, 0💬

Build Authorization Code Flow with Azure AD v2
How to implement the OpenID Authorization Code Flow with Azure AD v2.0 service? If you want to implement the OpenID Authorization Code Flow in your Web application to use Azure AD service, you should follow these steps: 1. Building the Azure AD v2.0 Sign-on authentication request: Register your Web ... 2019-03-27, 1097👍, 0💬

Azure AD v2 Access Token Request
What is the Azure AD v2.0 Access Token Request? If you want to implement the authentication code flow to integrate your application with Azure AD v2.0, you need to have a good understanding of the Azure AD v2.0 access token request, which is the second call you have to make in the authentication cod... 2019-03-27, 1043👍, 0💬

Azure AD B2C Integration
Where to find tutorials on Azure AD B2C Integration? Here is a list of tutorials to answer many frequently asked questions compiled by FYIcenter.com team on Azure AD B2C Integration. What Is Azure AD B2C Application Registration on Azure AD B2C User Sources in Azure AD B2C Register Azure AD Applicat... 2019-03-27, 1021👍, 0💬

Azure AD v2 Access Token Request Test Page
How to build an Azure AD 2.0 Access Token Request Test page? The Access Token Request is the second call to the Azure AD service in the authentication code flow to retrieve the id_token with the authentication code received from the first call. You can build a simple Web form page to test different ... 2019-03-27, 999👍, 0💬

Process Azure AD v2 Access Token Request
How to the Azure AD v2.0 access token Request is process by Azure AD service? When Azure AD service receives an access token Request from a Web server, it will: Verify if the "client_id" value in the request is valid. If not, display an error message page to the end user. Take the "code" value from ... 2019-03-27, 986👍, 0💬

What Is Azure AD B2C
What is Azure AD (Active Directory) B2C (Business To Consumer)? Azure AD B2C provides authentication services to users in your own organizations, your external partner organizations, and any users with Microsoft ID or other IDs like Google or Facebook. Azure Active Directory (Azure AD) B2C is an ide... 2019-03-20, 945👍, 0💬

Initiate Azure AD v2 Access Token Request
How to initiate Azure AD v2.0 Access Token Request? The Azure AD v2.0 Access Token Request should be initiated from your application Web server. This is why the authentication code flow is more secure than the implicit flow, because the "id_token" value will be received by Web server directly from t... 2019-03-27, 936👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.