OAuth 2 Resource Owner Password Credentials grant in AzureAd - nordvall/TokenClient GitHub Wiki
Updated: This grant type has been supported in AzureAD since api-version 1.1.
Example request:
```
POST /instanceid/oauth2/token?api-version=1.1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: login.windows.net

grant_type=password&resource=https%3A%2F%2Flocalhost%3A18181&client_id=246e3879-8495-49fc-ad95-d79521b6ed94&username=someone%40something.onmicrosoft.com&password=pwd1
```
Parameters:
Name | Value | Example |
---|---|---|
grant_type | The OAuth 2 grant type | Always `password` in this flow |
resource | The App id value of the application you want an access token for | https://localhost:18181 |
client_id | The Client Id value of another registered application in Azure AD | a guid |
username | The user name of a user account in the AzureAD instance | someone@something.onmicrosoft.com |
password | The password of the user account | pwd1 |
Server response:
```
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "token_type":"Bearer",
  "expires_in":"3599",
  "expires_on":"1419269002",
  "not_before":"1419265102",
  "resource":"https://localhost:18181",
  "access_token":"*token*",
  "refresh_token":"*token*",
  "scope":"user_impersonation",
  "pwd_exp":"7804308",
  "pwd_url":"https://portal.microsoftonline.com/ChangePassword.aspx"
}
```
Now you can grab the access_token and use it for 3599 seconds. If the user needs to change the password, you can send him or her to the pwd_url.
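
As an added example (not part of this wiki page or of the TokenClient library), the Python code below builds the request body shown above with proper form encoding, masks the password before the body is logged, and parses the response, whose numeric fields arrive as strings. The function names are hypothetical, the token values are constructed, and reading `pwd_exp` as seconds until the password expires is an assumption.

```python
import json
from urllib.parse import parse_qsl, urlencode

TOKEN_HOST = "login.windows.net"  # host taken from the request on this page

def build_token_request(instance_id, resource, client_id, username, password):
    """Return (url, headers, body); urlencode escapes '&', '=', '+', '@' in values."""
    url = f"https://{TOKEN_HOST}/{instance_id}/oauth2/token?api-version=1.1"
    body = urlencode({"grant_type": "password", "resource": resource,
                      "client_id": client_id, "username": username,
                      "password": password})
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body

def redact(body):
    """Mask the password so the request body can be written to a log."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return urlencode([(k, "REDACTED" if k == "password" else v) for k, v in pairs])

def parse_token_response(text, now):
    """Validate the JSON response; its numeric fields arrive as strings."""
    data = json.loads(text)
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("not a bearer token response")
    expires_on = int(data["expires_on"])
    pwd_exp = data.get("pwd_exp")
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "seconds_left": max(0, expires_on - now),
        # Assumption: pwd_exp counts seconds until the password expires.
        "password_days_left": int(pwd_exp) // 86400 if pwd_exp is not None else None,
        "password_change_url": data.get("pwd_url"),
    }

# Constructed sample response using the field values shown on this page.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer", "expires_in": "3599", "expires_on": "1419269002",
    "not_before": "1419265102", "resource": "https://localhost:18181",
    "access_token": "constructed-access-token", "refresh_token": "constructed-refresh-token",
    "scope": "user_impersonation", "pwd_exp": "7804308",
    "pwd_url": "https://portal.microsoftonline.com/ChangePassword.aspx"})

if __name__ == "__main__":
    url, headers, body = build_token_request(
        "instanceid", "https://localhost:18181",
        "246e3879-8495-49fc-ad95-d79521b6ed94",
        "someone@something.onmicrosoft.com", "pwd1")
    print(url, redact(body), sep="\n")
    print(parse_token_response(SAMPLE_RESPONSE, now=1419265403)["seconds_left"])
```

A body assembled by string concatenation would let a password containing `&` or `=` alter or add form parameters; encoding every value avoids that.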