I've created an app in Azure AD and followed these steps (Application and user access): https://github.com/MicrosoftDocs/partner-rest/blob/docs/partner-rest/develop/api-authentication.md
From what I understand the Microsoft Partner API only works with MFA, so I can't authenticate using username + password to https://login.microsoftonline.com.
To get an access_code, I perform these steps:
Open the url in my browser: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?client_id=CLIENT_ID&response_type=code&redirect_uri=https://****/test.php&response_mode=form_post&scope=offline_access%20openid%20profile%20User.Read&state=1
On the callback url, I receive a code, which I use to request the access_code. I perform the following request:
    curl --request POST 'https://login.microsoftonline.com/TENANT_ID/oauth2/token' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=authorization_code' \
      --data-urlencode 'client_id=CLIENT_ID' \
      --data-urlencode 'client_secret=CLIENT_SECRET' \
      --data-urlencode 'resource=https://api.partner.microsoft.com' \
      --data-urlencode 'code=CODE_FROM_PREVIOUS_REQUEST' \
      --data-urlencode 'redirect_uri=https://****/test.php'
Now I have the access_code and the refresh_token. This is where I'm stuck: I use the access_token in the following request:
    curl --request GET 'https://api.partnercenter.microsoft.com/v1/customers' \
      --header 'Authorization: Bearer ACCESS_TOKEN'
But I get a 401 invalid_grant error. I also found this article from a similar problem, but that didn't help.
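
A diagnostic for a 401 like the one described above, as an added example that is not part of the original post: it decodes the claims of a JWT access token without verifying the signature and compares the `aud` claim and expiry against the API URL being called. The function names are hypothetical and the token is constructed sample data using the two hosts quoted in the post.

```python
import base64
import json
import time
from urllib.parse import urlsplit


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.

    For troubleshooting only: never base an authorization decision on this.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def check_token_for_api(token: str, api_url: str, now=None) -> list:
    """Return mismatches between the token's claims and the API being called."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    api_host = urlsplit(api_url).hostname
    aud = str(claims.get("aud", ""))
    aud_host = urlsplit(aud).hostname  # None when aud is a GUID, not a URI
    if aud_host != api_host:
        problems.append(f"aud {aud!r} does not match API host {api_host!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    sample = make_sample_token(
        {"aud": "https://api.partner.microsoft.com", "exp": 2_000_000_000})
    api = "https://api.partnercenter.microsoft.com/v1/customers"
    for problem in check_token_for_api(sample, api, now=1_700_000_000):
        print(problem)
```

Run it against a real token only on a trusted machine, since an access token is a bearer credential.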