Access token for Microsoft Graph API is immediately expired

Question

I'm following this guide to authenticate to the Microsoft Graph API, and using Postman I can POST to the /token endpoint successfully get a token:

Now, copying that token and pasting it into Authorization: Bearer {{token}} , I try to make a request to https://graph.windows.net/my-tenant/me?api-version=1.6/ , but the response I get says

{
    "odata.error": {
        "code": "Authentication_ExpiredToken",
        "message": {
            "lang": "en",
            "value": "Your access token has expired. Please renew it before submitting the request."
        },
        "date": "2018-05-23T08:05:10",
        "requestId": "f56bcd26-4314-41c6-81b6-e6540aa7b0ae",
        "values": null
    }
}

How can the token I just created be expired?

Answer 1

I doubt the token is expired, the message seems off.

You are trying to call Azure AD Graph API with a token for MS Graph API. Change your scope to https://graph.windows.net/.default , or call https://graph.microsoft.com/v1.0/me .

Also, you cannot call the /me endpoint after using client credentials flow. There is no signed in user. You have to use /users/object-id-or-upn

Answer 2

For others experiencing this issue in the future: this issue also happens if there is a GUID in your initial token request with CAPITAL letters in it. The endpoint will accept and issue a token, but for any resource the comparison breaks. So, use small caps in your guids :)