Microsoft OAuth2

README.md

@@ -137,6 +137,7 @@ Although OAuthKit will automatically try to load the `oauth.json` file found ins
 	* **Important**: When creating a Google OAuth2 application from the [Google API Console](https://console.developers.google.com/) create an OAuth 2.0 Client type of Web Application (not iOS).
 * [Instagram](https://developers.facebook.com/docs/instagram-basic-display-api/guides/getting-access-tokens-and-permissions)
 * [Microsoft](https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow)
+    * **Important**: When registering an application inside the [Microsoft Azure Portal](https://portal.azure.com/) it's important to choose a **Redirect URI** as **Web** otherwise the `/token` endpoint will return an error when sending the `client_secret` in the body payload.
 * [Slack](https://api.slack.com/authentication/oauth-v2)
 * [Twitter](https://developer.x.com/en/docs/authentication/oauth-2-0)
 

Sources/OAuthKit/OAuth.swift

@@ -436,22 +436,24 @@ public extension OAuth {
     func requestAccessToken(provider: Provider, code: String) async -> Result<Token, OAError> {
         // Publish the state
         publish(state: .requestingAccessToken(provider))
-        guard var urlComponents = URLComponents(string: provider.accessTokenURL.absoluteString) else {
-            publish(state: .empty)
-            return .failure(.malformedURL)
-        }
-        var queryItems = [URLQueryItem]()
-        queryItems.append(URLQueryItem(name: "client_id", value: provider.clientID))
-        queryItems.append(URLQueryItem(name: "client_secret", value: provider.clientSecret))
-        queryItems.append(URLQueryItem(name: "code", value: code))
-        queryItems.append(URLQueryItem(name: "redirect_uri", value: provider.redirectURI))
-        queryItems.append(URLQueryItem(name: "grant_type", value: "authorization_code"))
-        urlComponents.queryItems = queryItems
-        guard let url = urlComponents.url else {
+
+        guard let url = URL(string: provider.accessTokenURL.absoluteString) else {
             publish(state: .empty)
             return .failure(.malformedURL)
         }
+
+        var urlComponents = URLComponents()
+        urlComponents.queryItems = [
+            URLQueryItem(name: "client_id", value: provider.clientID),
+            URLQueryItem(name: "client_secret", value: provider.clientSecret),
+            URLQueryItem(name: "code", value: code),
+            URLQueryItem(name: "redirect_uri", value: provider.redirectURI),
+            URLQueryItem(name: "grant_type", value: "authorization_code")
+        ]
+
+        // Encode the url components as 'application/x-www-form-urlencoded' body
         var request = URLRequest(url: url)
+        request.httpBody = urlComponents.query?.data(using: .utf8)
         request.httpMethod = "POST"
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         guard let (data, _) = try? await urlSession.data(for: request) else {

Tests/OAuthKitTests/Resources/oauth.json

@@ -21,8 +21,21 @@
         "clientSecret": "CLIENT_SECRET",
         "redirectURI": "https://github.com/codefiesta/",
         "scope": [
-            "https://www.googleapis.com/auth/userinfo.email",
-            "https://www.googleapis.com/auth/userinfo.profile",
+            "email",
+            "profile",
+            "openid"
+        ]
+    },
+    {
+        "id": "Microsoft",
+        "authorizationURL": "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize",
+        "accessTokenURL": "https://login.microsoftonline.com/consumers/oauth2/v2.0/token",
+        "clientID": "CLIENT_ID",
+        "clientSecret": "CLIENT_SECRET",
+        "redirectURI": "https://github.com/codefiesta/",
+        "scope": [
+            "email",
+            "profile",
             "openid"
         ]
     }