
Requesting an OAuth Token on Linux

Introduction

In the realm of modern application development and secure data access, OAuth 2.0 has become a vital standard. It is particularly pivotal in the context of Microsoft 365, where it empowers applications to securely access resources on behalf of users or the application itself without revealing sensitive credentials. This article explores the fundamentals of OAuth 2.0 tokens within the Microsoft 365 ecosystem, demonstrates how to request a token using the command-line tool wget on a Linux system, and provides a sample Bash script for your convenience.

OAuth 2.0 Tokens

OAuth 2.0, an industry-standard authorization protocol, is at the heart of secure data access in Microsoft 365. It functions as the intermediary that facilitates secure interactions between applications and services. The key principle is the delegation of access, allowing an application to obtain limited access to specific resources without exposing user credentials.

Two types of tokens play a crucial role in OAuth 2.0:

  1. Access Tokens: These are short-lived tokens that grant access to specific resources, like a user’s mailbox or calendar. They are used in API requests to access protected resources.
  2. Refresh Tokens: While access tokens are short-lived, refresh tokens have a longer lifespan. They can be used to obtain a new access token when the current one expires without requiring the user to re-enter their credentials.

Requesting an OAuth 2.0 Token with wget

You can use the wget command-line utility to request an OAuth 2.0 token from the Microsoft 365 authentication endpoint. Here’s a breakdown of the script:

#!/bin/bash
# Specify the authentication details for your application
tenant_id="your_tenant_id"
client_id="app_clientid"
client_secret="app_secret"
# Specify the Microsoft 365 authentication endpoint URL.
# The v2.0 token endpoint is the one that accepts the "scope" parameter;
# the v1 endpoint (/oauth2/token) expects "resource" instead.
token_url="https://login.microsoftonline.com/${tenant_id}/oauth2/v2.0/token"
# Specify the scope for accessing Microsoft Graph
scope="https://graph.microsoft.com/.default"
# Create the POST data for the token request
post_data="grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}&scope=${scope}"
# Use wget to make the token request and print the JSON response to stdout
wget --header="Content-Type: application/x-www-form-urlencoded" --post-data="$post_data" -O - "$token_url"

In this script:

  • tenant_id represents your Microsoft 365 tenant ID.
  • client_id corresponds to your application’s client ID.
  • client_secret is your application’s secret.
  • token_url is the URL of the Microsoft 365 authentication endpoint.
  • scope defines the scope of your request, specifying the Microsoft Graph API.

The post_data variable encapsulates the necessary information for the token request, including the grant type, client ID, client secret, and scope.

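Finally, wget sends the POST request to the token endpoint. Upon successful authentication and authorization, Microsoft 365 returns an access token that can be used to access the specified resources. Because this request uses the client credentials grant, the response does not include a refresh token; the script simply requests a new access token when the current one expires.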
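
The script above interpolates the raw client secret into the form body and passes it on wget's command line, so a secret containing + or & is misparsed by the server and the whole body shows up in the local process list. The following added example (not part of the original article) percent-encodes each field and sends the body with --post-file; the function names are hypothetical and the v2.0 token endpoint is an assumption.

```shell
#!/bin/sh
# Added example: encode the form fields and keep the secret out of wget's argv.

# Percent-encode every byte outside the RFC 3986 unreserved set (A-Z a-z 0-9 - . _ ~).
urlencode() {
  printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r hex; do
    [ -n "$hex" ] || continue
    case "$hex" in
      3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
        # Unreserved byte: emit it unchanged via its octal escape.
        printf "\\$(printf '%03o' "0x$hex")" ;;
      *)
        # Anything else becomes %XX with upper-case hex digits.
        printf '%%%s' "$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
    esac
  done
}

# Build the client-credentials form body. Args: client_id, client_secret, scope.
build_token_body() {
  printf 'grant_type=client_credentials&client_id=%s&client_secret=%s&scope=%s' \
    "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")"
}

# Request a token. Args: tenant_id, client_id, client_secret, scope.
# Assumption: the v2.0 token endpoint, which is the one that takes "scope".
request_token() {
  body_file=$(mktemp) || return 1   # mktemp creates the file readable by its owner only
  build_token_body "$2" "$3" "$4" > "$body_file"
  # --post-file reads the body from disk, so the secret never appears in the
  # process list the way it does with --post-data="...".
  wget -q --header="Content-Type: application/x-www-form-urlencoded" \
       --post-file="$body_file" -O - \
       "https://login.microsoftonline.com/$1/oauth2/v2.0/token"
  status=$?
  rm -f "$body_file"
  return "$status"
}
```

Call request_token "$tenant_id" "$client_id" "$client_secret" "$scope" with the variables from the article's script to perform the request.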


Lionel TRAVERSE
Microsoft 365 Certified Administrator Expert
Microsoft Certified Trainer
lionel.traverse@admin365.fr