Develop Reference

Invalid_grant when requesting Access token MS Graph

thanks for reading this.
I've a problem obtaining an access token for MS Graph using Postman. I've been reading similar posts on stackoverflow, but so far, without success. In the following I added some screenshots that contain (I believe) all the information needed for this process.
Screenshot of application permissions: https://i.stack.imgur.com/4lyM2.png
The link I use to obtain an access-code:
https://login.microsoftonline.com/{Tenant ID}/oauth2/v2.0/authorize?
client_id=3ef3343a-ab22-4c50-12ae2a2d7c67
&response_type=code
&redirect_uri=https://localhost:8080
&response_mode=query
&scope=offline_access%20user.read
&state=12345
3)After following this link I give permission and receive a code, which I use in the following postman call: https://i.stack.imgur.com/ZJv2b.png
I had no problem obtaining the access token without a user, but unfortunately, I need more than just the application permissions. I hope someone can help me!
Thanks for your time!

You need to delete the "code=" in code of postman call, it looks like "OAAABAAAAiL9Kn.....". code is just the value of "code" from /authorize endpoint. The others all looks correct.
UPDATE:
I tried with the steps in your issue, it worked well.
Permissions:
Get authorization code:
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize?
client_id={client-id}
&response_type=code
&redirect_uri=https://localhost:44300/
&response_mode=query
&scope=offline_access%20user.read
&state=12345
Receive the code:
https://localhost:44300/?code=0.ATcATqvJ...vv1MbCO6MN_uCAA&state=12345&session_state=7ac58b8f-b2af-45fa-be4b-0b2c2a003e2e
Code is 0.ATcATqvJ...vv1MbCO6MN_uCAA from the pervious.
Request in Postman:

You cannot generate a single token both Delegated (with a user) and Application (without a user). You'll need to make two separate requests.
For generating a Delegated token, you first need to retrieve an Authorization Code (i.e. the authrorization_code grant). This is done by redirecting the user to the following address (line breaks are for readability only)
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=[APPLICATION ID]&
response_type=code&
redirect_uri=[REDIRECT URI]&
scope=[SCOPE]
This will return an Authorization Code to the address you specified in the redirect_uri parameter (note that this address must also be included in your app registration). You then take this code an POST it to the /token endpoint like this:
https://login.microsoftonline.com/common/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
code=[AUTHORIZATION CODE]&
client_id=[APPLICATION ID]&
client_secret=[PASSWORD]&
scope=[SCOPE]&
redirect_uri=[REDIRECT URI]
For Application tokens, you simply skip the authorization code step and POST to the /token endpoint directly:
https://login.microsoftonline.com/{tenantDomain}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&
client_id=[APPLICATION ID]&
client_secret=[PASSWORD]&
scope=https://graph.microsoft.com/.default

Graph API - Create Application with authorization_code token

I'm trying to register an application in Azure AD using Graph API with an oauth token obtained with the Authorization Code grant type. I can do it with Client Credentials, but not with Authorization Code. With the latter I can list applications, but not create them.
Here's the permissions I've set in the application:
And here's what I set in postman to get the token:
I get the token just fine and I can list the applications, but when I try to create a new one through the endpoint 'POST https://graph.microsoft.com/v1.0/applications' I get the following response:
Anyone knows why this is happening? Thanks!

According to the last screenshot you provided, it seems the process stopped at login page(the response body is the html of login page) when do authorization code flow.
I test it in my side(also in postman) but it works fine, below is my configuration in postman for your reference:
Although I didn't reproduce your problem in my test, but I can provide you some information about authorization code backend request to know what does the response in your postman mean.
When we do authorization code flow(not in postman) to get access token, there are two steps. First we need to request the url https://login.microsoftonline.com/{tenantId or commone}/oauth2/authorize?resource=https://graph.microsoft.com&client_id={clientId}&response_type=code&redirect_uri=https://hurytest&response_mode=query in your browser like below screenshot.
We can find the content in the red box in screenshot above is same to the response you get in postman. So I think the process stopped here(which is the first step of authorization code flow).
Second step, we need to input username and password into the login page. It will redirect to another page like below screenshot.
Copy the code after code= in the above screenshot and then use the code in below request to get access token.
In a word, I didn't reproduce your problem in my postman. But the backend request in your postman may stopped in the first step(login page) of authorization code flow which I mentioned above. So please check if you configured correct in postman. If still doesn't work, you can do authorization code flow by the two steps I provided to get the access token.

"AADSTS900144: The request body must contain the following parameter: 'grant_type'.?

I built an app in my Azure ad b2c tenant and configured it as shown, but why can't I request an access token in postman?
app registration
API permissions
postman screenshot
Here are the links to the two documents I follow：
Register a Microsoft Graph application
Get access without a user

One thing I noticed is that the parameters for the token request should be in the body as form parameters, like this:
You should use the parameters you've defined here though, this screenshot shows a test request for the ROPC flow so the parameters in the picture are not valid for your use case.
So instead of entering the parameters in Params, enter them in Body tab after selecting x-www-form-urlencoded as the type.

Please input the params in "Body" tab of your postman but not "Params" tab. Shown as below screenshot.

In order to get token you need to pass grant_type in request body and value should be password.
For example
Method Post: https://login.microsoftonline.com/YourTenantID/oauth2/v2.0/token
And in body you need to ppass
client_id : Your app client ID
scope: user.read%20openid%20profile%20offline_access
username: Your username
password: your password
grant_type: password
client_secret: you app registration secret

I tried many times to put into body with JSON format or in parameter or put into Parameters, but I did not work. And it works for me when I put into Body with type is x-www-form-urlendcoded.
[Image]: https://i.stack.imgur.com/tguZc.png

Azure active directory using loginwithazureactivedirectory and expressmode

we want to use azure active directory for function app authetication after enabling azureactive directory express mode.we have selected loginwithazureactivedirectory option.
when we are hitting function through postman it is giving html of log in screen of micro soft.
with out that sceen cant we access the fucntion app uRL.
Please find the below screen for your reference
Any help is appreciated on this

After you successfully configure Azure AD for your web app, you need to use the access token to access your application.
I get an access token from AAD using clientID and clientSecret using the following code:
METHOD: POST
Url : https://login.microsoftonline.com/your directory ID/oauth2/token
HEADERS: Content-Type : application/x-www-form-urlencoded
BODY: grant_type+=client_credentials&resource+=”your Function url”&client_id+++++=”the application that your register id”&client_secret+=”the key you create”
Please note that according to the Azure Resources
portal(https://resources.azure.com/), the default allowedAudiences is
"https://{functionAppName}.azurewebsites.net/.auth/login/aad/callback"
So I add the https://{functionAppName}.azurewebsites.net/ as allowed
aduiences
enter image description here
Then I can use the access token directly. I test it with postman.
enter image description here
Please note that if your azure function authentication level is not
anonymous, you need to add the function key

Azure active directory authentication Function App

I am doing azure active directory authentication for function app by following below URL
https://www.c-sharpcorner.com/article/secure-azure-function-with-azure-ad/
But when i hitting my url through function app
It is giving unauthorized do i need to do anything else
please find the below screen shots.
any help is appreciated

We could use the access token to access your Azure function API directly if your azure function authentication level is anonymous or function key is also required. The detailed steps are as below.
Configure Azure AD for Azure Function. Please refer to https://learn.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings#auth.
Get Access token
I get an access token from AAD using clientID and clientSecret using the following code:
METHOD: POST
Url : https://login.microsoftonline.com/your directory ID/oauth2/token
HEADERS: Content-Type : application/x-www-form-urlencoded
BODY: grant_type+=client_credentials&resource+=”your Function url”&client_id+++++=”the application that your register id”&client_secret+=”the key you create”
Please note that according to the Azure Resources portal (https://resources.azure.com/), the default allowedAudiences is
https://{functionAppName}.azurewebsites.net/.auth/login/aad/callback
So I added the https://{functionAppName}.azurewebsites.net/ as allowed audiences.
Then I can use the access token directly. I tested it with Postman:
Please note that if your azure function authentication level is not anonymous, you need to add the function key