python-o365: Connection.request_token: missing_code-error despite single tenant application
Hi there! I’m trying to deal with microsoft graph api via O365. As far as I understand the usage of an Authorization Code is not necessary when dealing with single tenant applications. My code is the following:
credentials = ('client_id', 'client_secret')
scopes = ['http://graph.microsoft.com/Mail.Read']
protocol_graph = MSGraphProtocol()
scopes_graph = protocol_graph.get_scopes_for(scopes)
con = Connection(credentials, scopes=scopes_graph, tenant_id='tenant_id')
url, state = con.get_authorization_url()
con.request_token(url)
request_token gives me: Unable to fetch auth token. Error: (missing_code) Missing code parameter in response. despite there’s no need of a code since dealing with single tenant application.
I’m able to get a token via:
payload = {'client_id': 'client_id',
'client_secret': 'client_secret',
'grant_type': 'client_credentials',
'scope': 'Mail.Read'}
r = requests.get('https://login.microsoftonline.com/tenant_id/oauth2/token',
data=payload, headers={'Content-Type': 'application/x-www-form-urlencoded'})
token = json.loads(r.content)['access_token']
Is there a workaround to set the token manually without usage of request_token? Many thanks!
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 28 (28 by maintainers)
Commits related to this issue
- Fix bug on auto refresh on client credentials flow #294 — committed to O365/python-o365 by deleted user 5 years ago
- Fix bug: scopes was not set on client credentials flow #294 — committed to O365/python-o365 by deleted user 5 years ago
- When using the credentials auth_flow_type the tenant_id is now required (#330 and #294) Updated Readme to reflect this change — committed to O365/python-o365 by deleted user 5 years ago
Thank you very much @teamoo
With tenant = ‘common’ I get the following exception:
Unable to fetch auth token. Error: (unauthorized_client) AADSTS700016: Application with identifier 'XXXX-XXXX-XXXXX-XXXXXX' was not found in the directory 'microsoft.com'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
So it is clear that the tenant id is definitely needed.
That’s true because if you pass None to the authenticate scopes parameter, the authenticate method will still use the scopes provided on the Account init
I don’t understand this error. The scopes are passed to the Oauth2Session object on in the get_session method (same for the web flow… that works).
Anyway… passing the scope parameter to fetch token solves this.
No, not needed.
Yes, It should ask for another access token. I’ll see how to do it.
This is what works for me: