Use this grant type for configurations that use Federated accounts without Azure Active Directory as the underlying Identity Provider.
Use the offline_access scope parameter when connecting through this method. Logging into the RIM API should follow the refresh_token grant after the initial bearer token has been generated.
To define client credentials:
- Submit an HTTPS POST request to:
  https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
  The tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.
  The body of the request should include the form-data:

  | Parameter Name | Value |
  |---|---|
  | client_id | xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx |
  | scope | <registered client_id>/.default openid offline_access |

  A "user_code" is generated on a successful POST operation.
- In a browser, navigate to:
  https://microsoft.com/devicelogin.
- Enter the generated user_code string into the browser field.
- Follow the prompts to complete the authentication request.
- Record or capture the device_code generated as part of the POST request.
- Submit an HTTPS POST request to:
  https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token

  | Parameter Name | Value |
  |---|---|
  | grant_type | urn:ietf:params:oauth:grant-type:device_code |
  | client_id | <registered client_id> |
  | device_code | <device_code_from_previous_step> |

  The response generates an AzureBearerBody token with the offline_access parameter set.
- Use this bearer token in the refresh_token grant flow.

If the offline_access parameter is not defined, follow the usual steps to generate the X-CSRF-TOKEN, JSESSION & RIM API login.
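The steps above as a script, added here as an illustration and not taken from the product documentation: it builds both form bodies, repeats the second POST while the browser sign-in is still pending, and picks the follow-up login path. It goes slightly beyond the steps by handling the pending, slow-down and failure replies defined in RFC 8628. The function names, the default `interval` and `expires_in` values, and the use of a returned `refresh_token` as the sign that offline_access was granted are assumptions; the caller supplies the endpoint URL.

```python
import json
import time
from urllib import error, parse, request

GRANT = "urn:ietf:params:oauth:grant-type:device_code"

def http_post(url, form):
    """POST form data and return the parsed JSON body (errors included)."""
    req = request.Request(url, data=parse.urlencode(form).encode())
    try:
        with request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except error.HTTPError as exc:  # pending/denied arrive as HTTP 400 + JSON
        return json.load(exc)

def device_request_form(client_id):
    """Form body for the first POST (the one that yields user_code)."""
    return {"client_id": client_id,
            "scope": f"{client_id}/.default openid offline_access"}

def poll_for_token(token_url, client_id, device_code, interval=5,
                   expires_in=900, post=http_post, sleep=time.sleep):
    """Repeat the second POST until the browser sign-in completes."""
    form = {"grant_type": GRANT, "client_id": client_id,
            "device_code": device_code}  # treat device_code as a secret
    waited = 0
    while waited < expires_in:
        body = post(token_url, form)
        err = body.get("error")
        if err is None:
            return body  # holds tokens: do not log it
        if err == "slow_down":
            interval += 5  # RFC 8628: add 5 seconds and keep polling
        elif err != "authorization_pending":
            raise RuntimeError(f"device code grant failed: {err}")
        sleep(interval)
        waited += interval
    raise TimeoutError("device_code expired before sign-in completed")

def next_login_step(token_body):
    """Pick the follow-up login path from the token response."""
    if token_body.get("refresh_token"):  # only issued with offline_access
        return "refresh_token"
    return "x-csrf-token"  # usual X-CSRF-TOKEN / JSESSION login
```

Pass the `interval` and `expires_in` values returned by the first POST instead of the defaults, and keep the returned token body out of logs and shell history.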