oauth 2.0 - Getting invalid authorization_code, error AADSTS70000: The provided value for the 'code' parameter is not valid. The code has expired

Question

I'm using an Office 365 Family account, and getting an incorrect authorization code back, using the following url:

'https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=[CLIENT ID]&response_type=code&redirect_uri=[REDIRECT URI]&response_mode=query&scope=offline_access%20Calendars.ReadWrite%20Files.ReadWrite.All%20User.Read%20openid%20profile&state=12345';

The code I received on one attempt was: M.R3_BAY.44e411b5-8fcf-f0be-2356-d56fd3293055, and they all have that format whenever I try, which is not what it should be like, and does not decode on jwt.

Can anyone please tell me what's going wrong? I've been searching for months for an answer without any luck.

question from:https://stackoverflow.com/questions/66056238/getting-invalid-authorization-code-error-aadsts70000-the-provided-value-for-th

Answer 1

If this is the authorization code, it is not meant to be decoded. You are supposed to exchange it for tokens, which are in JWT format. Documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-access-token

If this is in fact an access token, it could be for a personal Microsoft account. I've seen different format tokens there before. You currently allow all Office 365 accounts and personal Microsoft accounts since you use common endpoint on v2.0. If you only mean to support all Office 365 accounts, you can use organizations instead.