Error OAuth integration with O365 fails with error AADSTS65005

0 votes

We have a web site (built on a php framework) where we provide online educational tools for teachers/students. We have done an OAuth integration with google.com where users can 'sign up' and 'sign in' to our site using their google accounts (could be a personal gmail account, or a member of a google apps domain).

We are trying to do a similar integration with O365 where our website can ask O365 for user's email and first/last names so we can create an account for them on our site, and once the account is created, log them in. We have created an Application listing in Azure -> Active Directory, and have generated the client ID and secret, and plugged them into out PHP code. The OAuth workflow described here works up until the point where I try and request the access token using a POST request to https://login.windows.net/common/oauth2/token. It redirects back to my redirect_uri but instead of giving me the auth code, it gives me these params in the URL:

[error] => access_denied
[error_description] => AADSTS65005: The client application has requested access to resource 'https://outlook.office365.com/'. This request has failed because the client has not specified this resource in its requiredResourceAccess list.
Trace ID: xxxxxx
Correlation ID: xxxxxx
Timestamp: 2014-09-29 06:28:25Z
[state] => xxxxxx
All I need is for O365 to give me the user's email and f/l names. Surely there's a quick fix for this that I am missing?
Aug 10, 2018 in Azure by null_void
• 3,220 points
739 views

1 answer to this question.

0 votes

By default, a registered app is configured to request "Read the user's profile", which once consented to by the user, allows the app to get a user token (id token if using OpenID Connect) and read the signed in user's profile (including their mail address or addresses) when calling the Azure AD Graph API. Apps secured by Azure AD must currently configure the permission scopes they require up front (as part of the app registration experience, under the "Permissions to other applications" section). Here it looks like you've specified Outlook.com as the resource that you'd like a code and access token for, but your app is not configured to allow access to O365 Outlook.com/Exchange Online.

Please try setting the resource in your request to Azure AD - https://graph.windows.net/. That shouldwork for you. You can then swap the code for an access token to call the Azure AD Graph API.

Hope this helps

answered Aug 10, 2018 by club_seesharp
• 3,450 points

Related Questions In Azure

0 votes
1 answer

Getting an error when trying to authenticate using REST API Dynamics CRM with Azure AD.

Dynamics 365 has started to support Server-to-Server ...READ MORE

answered Apr 25, 2019 in Azure by Prerna
• 1,960 points
2,439 views
0 votes
1 answer

StackExchange.Redis with Azure Redis shows error

Hey, check out the Azure Redis Cache documentation This ...READ MORE

answered Jun 28, 2019 in Azure by Perry
• 17,100 points
2,696 views
0 votes
1 answer

I am getting a network related error saying "cannot connect to a server". need help here.

Actually i got the same error, it ...READ MORE

answered Apr 27, 2018 in Azure by null_void
• 3,220 points
941 views
0 votes
2 answers

In Azure powershell Select-AzureSubscription command fetching error: the subscription name doesn't exist

The problem you're having is that the ...READ MORE

answered Aug 16, 2018 in Azure by Priyaj
• 58,100 points
7,478 views
0 votes
1 answer

Not being able to get user consent - OAuth2 with AzureAD

The problem you are running in to ...READ MORE

answered Jun 8, 2018 in Azure by cloudie_crank
• 1,610 points
2,067 views
0 votes
1 answer

Error: Install-Module : The term 'Install-Module' is not recognized as the name of a cmdlet

Since you are using the lower version ...READ MORE

answered Jun 20, 2018 in Azure by null_void
• 3,220 points
3,859 views
0 votes
1 answer

How can I use “Azure File Storage” with Web App Service?

If you're looking for mapping a drive ...READ MORE

answered Aug 11, 2018 in Azure by null_void
• 3,220 points
4,150 views
0 votes
1 answer

Error: The subscription is not registered to use namespace 'Microsoft.DataFactory

In Azure, for each functionality there's a ...READ MORE

answered Aug 24, 2018 in Azure by null_void
• 3,220 points
1,490 views
0 votes
1 answer

Is there a way to get ERROR details on Azure website?

You have two options: First, you can turn ...READ MORE

answered May 25, 2018 in Azure by club_seesharp
• 3,450 points
2,574 views
0 votes
1 answer

How can i upload to Azure Blob storage with Shared Access key?

For GetBlobReferenceFromServer to work, the blob must be present ...READ MORE

answered Jun 12, 2018 in Azure by club_seesharp
• 3,450 points
3,540 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP