Commit 0a8a932

Merge pull request #102990 from rwike77/authupdates
Updating scopes, adding note
2 parents d6bf7a5 + 4fcd937 commit 0a8a932

articles/active-directory/develop/v2-oauth2-auth-code-flow.md

Lines changed: 8 additions & 8 deletions
@@ -14,7 +14,7 @@ ms.workload: identity
1414
ms.tgt_pltfrm: na
1515
ms.devlang: na
1616
ms.topic: conceptual
17-
ms.date: 11/19/2019
17+
ms.date: 01/31/2020
1818
ms.author: ryanwi
1919
ms.reviewer: hirsin
2020
ms.custom: aaddev, identityplatformtop40
@@ -41,7 +41,7 @@ At a high level, the entire authentication flow for a native/mobile application
4141

4242
## Request an authorization code
4343

44-
The authorization code flow begins with the client directing the user to the `/authorize` endpoint. In this request, the client indicates the permissions it needs to acquire from the user:
44+
The authorization code flow begins with the client directing the user to the `/authorize` endpoint. In this request, the client requests the `openid`, `offline_access`, and `https://graph.microsoft.com/mail.read `permissions from from the user. Some permissions are admin-restricted, for example writing data to an organization's directory by using `Directory.ReadWrite.All`. If your application requests access to one of these permissions from an organizational user, the user receives an error message that says they're not authorized to consent to your app's permissions. To request access to admin-restricted scopes, you should request them directly from a company administrator. For more information, read [Admin-restricted permissions](v2-permissions-and-consent.md#admin-restricted-permissions).
4545

4646
```
4747
// Line breaks for legibility only
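Review bot: The new paragraph at line 44 has two typos: the closing backtick is misplaced in "`https://graph.microsoft.com/mail.read `permissions" (a space inside the code span and none before "permissions"), and "from from the user" repeats a word. Suggest "`https://graph.microsoft.com/mail.read` permissions from the user". The scope is also written lower-case as `mail.read` while the same paragraph writes `Directory.ReadWrite.All` in its documented casing; pick one convention. The admin-restricted guidance is appended to the sentence that introduces the sample request, so the code block that follows now reads as if it illustrated the admin-consent error; moving that guidance into its own paragraph or note block after the sample would keep the two points separate.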
@@ -51,13 +51,13 @@ client_id=6731de76-14a6-49ae-97bc-6eba6914391e
5151
&response_type=code
5252
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
5353
&response_mode=query
54-
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
54+
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
5555
&state=12345
5656
```
5757

5858
> [!TIP]
5959
> Click the link below to execute this request! After signing in, your browser should be redirected to `https://localhost/myapp/` with a `code` in the address bar.
60-
> <a href="https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&state=12345" target="_blank">https://login.microsoftonline.com/common/oauth2/v2.0/authorize...</a>
60+
> <a href="https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read&state=12345" target="_blank">https://login.microsoftonline.com/common/oauth2/v2.0/authorize...</a>
6161
6262
| Parameter | Required/optional | Description |
6363
|--------------|-------------|--------------|
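Review bot: The live link in the TIP at line 60 now requests `mail.read` together with `offline_access`, so a reader who follows "Click the link below to execute this request!" is asked to grant the sample client_id ongoing access to their mailbox rather than to their profile as with `user.read`. Consider leaving the clickable link on the narrower scope, or state in the tip which permissions the consent prompt will list. While this block is being edited: the tip says the browser is redirected to `https://localhost/myapp/`, but `redirect_uri` in both the sample and the link is `http%3A%2F%2Flocalhost%2Fmyapp%2F`; the scheme should match.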
@@ -136,7 +136,7 @@ Host: https://login.microsoftonline.com
136136
Content-Type: application/x-www-form-urlencoded
137137
138138
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
139-
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
139+
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
140140
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
141141
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
142142
&grant_type=authorization_code
@@ -167,7 +167,7 @@ A successful token response will look like:
167167
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
168168
"token_type": "Bearer",
169169
"expires_in": 3599,
170-
"scope": "https%3A%2F%2Fgraph.microsoft.com%2Fuser.read",
170+
"scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
171171
"refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
172172
"id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
173173
}
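Review bot: The updated "scope" value at line 170 is still percent-encoded inside a JSON body ("https%3A%2F%2Fgraph.microsoft.com%2Fmail.read"). Percent-encoding belongs to the form-encoded requests earlier in the file; in a JSON response sample the value should be the plain string `https://graph.microsoft.com/mail.read`, otherwise a reader who compares granted scopes against this sample will match on the wrong literal. Since the line is being rewritten anyway, decode it here.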
@@ -251,7 +251,7 @@ Host: https://login.microsoftonline.com
251251
Content-Type: application/x-www-form-urlencoded
252252
253253
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
254-
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
254+
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
255255
&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
256256
&grant_type=refresh_token
257257
&client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps
@@ -280,7 +280,7 @@ A successful token response will look like:
280280
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
281281
"token_type": "Bearer",
282282
"expires_in": 3599,
283-
"scope": "https%3A%2F%2Fgraph.microsoft.com%2Fuser.read",
283+
"scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
284284
"refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
285285
"id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
286286
}
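Review bot: Line 283 carries the same percent-encoded "scope" string inside JSON as the first token response; write it as the plain URI here too so both samples agree. Not introduced by this change but visible in the context at line 285: the sample `id_token` header `eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0` decodes to `{"typ":"JWT","alg":"none"}`, that is, an unsigned token. A short remark next to the sample that it is illustrative and that real ID tokens are signed and must be validated would stop readers from treating `alg: none` as an acceptable value.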
