How to fix ADFS missing endpoints

Question

The endpoints /token and /authorize for OAuth2 are not available in AD FS Management -> Services -> Endpoints, making it impossible to use OAuth2 with third-party applications.

The only endpoints related to OAuth2 are:

OAuth2:

• /adfs/oauth2

/adfs/oauth2/deviceauth

OpenID Connect:

/adfs/.well-known/openid-configuration

/adfs/discovery/keys

/adfs/userinfo

All these endpoints are enabled, and the endpoint /adfs/.well-known/openid-configuration returns the following:

"authorization_endpoint": "https://mydomain.com/adfs/oauth2/authorize/",
"token_endpoint": "https://mydomain.com/adfs/oauth2/token/"

However, I cannot access the /authorize and /token endpoints directly.

Is it necessary to install any additional plugins to enable access to these endpoints?The endpoints /token and /authorize for OAuth2 are not available in AD FS Management -> Services -> Endpoints, making it impossible to use OAuth2 with third-party applications.

The only endpoints related to OAuth2 are:

OAuth2:

/adfs/oauth2

/adfs/oauth2/deviceauth

OpenID Connect:

/adfs/.well-known/openid-configuration

/adfs/discovery/keys

/adfs/userinfo

All these endpoints are enabled, and the endpoint /adfs/.well-known/openid-configuration returns the following:

"authorization_endpoint": "https://mydomain.com/adfs/oauth2/authorize/",
"token_endpoint": "https://mydomain.com/adfs/oauth2/token/"

However, I cannot access the /authorize and /token endpoints directly.

Is it necessary to install any additional plugins to enable access to these endpoints?

Answer 1

Hi Juarez,

Even if these endpoints are not explicitly listed under AD FS Management -> Services -> Endpoints, they should be operational if /adfs/oauth2 is enabled.

Have you tried testing the /authorize and /token endpoints with tools like Curl?

Example for /authorize:

curl -X GET "https://mydomain.com/adfs/oauth2/authorize" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=your_client_id&response_type=code&redirect_uri=https://yourapp.com/callback&scope=openid"

Example for /token:

curl -X POST "https://mydomain.com/adfs/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=your_client_id&grant_type=authorization_code&code=auth_code_here&redirect_uri=https://yourapp.

Answer 2

Removing duplicate answer

Answer 3

The error obtained is: "Microsoft.IdentityServer.RequestFailedException: MSIS7065: Não há manipuladores de protocolo registrados no caminho /adfs/oauth2/token para processar a solicitação recebida. em Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)" which basically indicates that the endpoint does not exist.

The /authorize endpoint seems to work, as I am redirected to the ADFS login page and then to the page of my application (which is a debug application) that should display the token.

Answer 4

Hi Juarez,

Apologies for the late reply. I've been checking this on my lab and I just want to confirm the /adfs/oauth2/token as you said is not visible in a default Windows Server 2019 ADFS installation. At this point, it would be better you reach out to our Support for further troubleshooting.

Cheers