AzureADB2C - ADSTS900144: The request body must contain the following parameter: 'code' #1623

jmuffat · 2021-03-31T11:18:09Z

jmuffat
Mar 31, 2021

I'm trying to implement a Microsoft login option and failing miserably...
So I'm posting this little help message here, in case anybody has seen it before :

The use case is to authenticate users and be able to save their work in their OneDrive

I am using a vanilla provider :

const oneDriveProvider = Providers.AzureADB2C({
    id: "msgraph",
    name: "OneDrive",
    clientId: process.env.MS_CLIENT_ID,
    clientSecret: process.env.MS_CLIENT_SECRET,
    scope: [
        'offline_access',
        'User.Read',
        'Files.ReadWrite.AppFolder'
    ].join(' ')
})

my app looks like it's setup properly on azure, nothing fancy about it, I only did three things:

setup redirection URI's
setup authorizations as above
checked both items under 'Implicit grant and hybrid flows'

when I try to login, I am getting the following error :

https://next-auth.js.org/errors#oauth_callback_error {
  statusCode: 400,
  data: `{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'code'.\\r\\nTrace ID: aeab5bc3-a613-456c-a373-d7b54a881000\\r\\nCorrelation ID: 1b8a84ad-0842-4c60-837d-827b85098a3b\\r\\nTimestamp: 2021-03-31 11:17:20Z","error_codes":[900144],"timestamp":"2021-03-31 11:17:20Z","trace_id":"aeab5bc3-a613-456c-a373-d7b54a881000","correlation_id":"1b8a84ad-0842-4c60-837d-827b85098a3b","error_uri":"https://login.microsoftonline.com/error?code=900144"}`
}

Any advice ?

Answered by jmuffat

Mar 31, 2021

This error message wasn't the relevant one, it only was a consequence of authentication failing because of a different issue.

My app wasn't properly set up with Azure and Microsoft sent an error message back to our callback endpoint. I only noticed this by looking at Chrome's network debug. I have no idea where we can catch this error message in NextAuth, if somebody knows how, I wouldn't mind catching and logging these.

PS: for the curious, my actual problem was that I did not set the "audience" properly to use the 'common' endpoints. In the manifest, I had "signInAudience": "PersonalMicrosoftAccount",when I should have had "signInAudience": "AzureADandPersonalMicrosoftAccount",

View full answer

jmuffat · 2021-03-31T15:34:47Z

jmuffat
Mar 31, 2021
Author

This error message wasn't the relevant one, it only was a consequence of authentication failing because of a different issue.

My app wasn't properly set up with Azure and Microsoft sent an error message back to our callback endpoint. I only noticed this by looking at Chrome's network debug. I have no idea where we can catch this error message in NextAuth, if somebody knows how, I wouldn't mind catching and logging these.

PS: for the curious, my actual problem was that I did not set the "audience" properly to use the 'common' endpoints. In the manifest, I had "signInAudience": "PersonalMicrosoftAccount",when I should have had "signInAudience": "AzureADandPersonalMicrosoftAccount",

1 reply

balazsorban44 Mar 31, 2021
Maintainer

you can check out the customizable logger option https://next-auth.js.org/configuration/options#logger

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

AzureADB2C - ADSTS900144: The request body must contain the following parameter: 'code' #1623

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

AzureADB2C - ADSTS900144: The request body must contain the following parameter: 'code' #1623

Uh oh!

jmuffat Mar 31, 2021

Replies: 1 comment · 1 reply

Uh oh!

jmuffat Mar 31, 2021 Author

Uh oh!

balazsorban44 Mar 31, 2021 Maintainer

jmuffat
Mar 31, 2021

Replies: 1 comment 1 reply

jmuffat
Mar 31, 2021
Author

balazsorban44 Mar 31, 2021
Maintainer