Microsoft Graph suddenly returning "invalid_grant" for new users, still works fine locally

Copper Contributor

I've been using Microsoft Graph for months to get Calendar read and write access for my app. Everything was working fine until a few days ago, when new users would get the following error message when following the authentication process for my Microsoft Graph app:

> {"error":"invalid_grant","error_description":"Bad Request"}

The most surprising thing is that if I try the process locally (so using a local URL in "redirectUri"), it's working fine.


It's working fine on my local machine; there's no difference between the code on my local machine and the one in production, except for the "RedirectURI" variable, which is different.


Here's the code snippet for the authorization URL:


```php
// Class constants on MicrosoftGraphManager (referenced below)
const OAUTH_SCOPES = "openid profile offline_access calendars.readwrite";
const OAUTH_AUTHORIZE_ENDPOINT = "/oauth2/v2.0/authorize";
const OAUTH_TOKEN_ENDPOINT = "/oauth2/v2.0/token";

// Initialize the OAuth client
$oauthClient = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId'                => MicrosoftGraphManager::OAUTH_APP_ID,
    'clientSecret'            => MicrosoftGraphManager::OAUTH_APP_SECRET,
    'redirectUri'             => MicrosoftGraphManager::OAUTH_REDIRECT_URI,
    'urlAuthorize'            => MicrosoftGraphManager::OAUTH_AUTHORITY.MicrosoftGraphManager::OAUTH_AUTHORIZE_ENDPOINT,
    'urlAccessToken'          => MicrosoftGraphManager::OAUTH_AUTHORITY.MicrosoftGraphManager::OAUTH_TOKEN_ENDPOINT,
    'urlResourceOwnerDetails' => '',
    'scopes'                  => MicrosoftGraphManager::OAUTH_SCOPES
]);

$authUrl = $oauthClient->getAuthorizationUrl();

// Save client state so we can validate in callback
$Session = $Request->getSession();
$Session->set("oauthState", $oauthClient->getState());

// Force the account picker on the Microsoft sign-in page
$extraParam = "&prompt=select_account";

$finalUrl = $authUrl.$extraParam;
```


If I set the "OAUTH_REDIRECT_URI" variable to my local environment and try an authentication there, it works fine, but if I change this URL to the one in production and try the authentication on my production server, it doesn't work anymore.



0 Replies