我使用V1以获得来自Microsoft REST API的令牌.(我们有Office 365租户,我曾经成功获得所有资源,但没有任何问题.
clientId =8a67......de4b6
clientSecret =J58k8....5EU=
redirectUri =http://example.com...
resourceUrl =https://graph.microsoft.com
authority = https://login.microsoftonline.com/f02633....a603/oauth2/token
https://login.microsoftonline.com/f0263...0be3/oauth2/authorize?client_id=8a6..b6&redirect_uri=http://example.com&response_type=code&scope=mail.read
它给了我一个在JWT上结构如下的令牌.它表示无效签名但不确定是什么问题.
一旦我有了令牌,我就尝试了下面的卷曲调用
curl -i https://graph.microsoft.com/v1.0/me/messages -H 'Content-Type: application/x-www-form-urlencoded' -H 'Authorization: Barer eyJ.[TOKEN]...UNa6nfw'
而不是消息,我收到以下错误:
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8Cl23
Server: Microsoft-IIS/8.5
request-id: af2390b1-a9b...5ab9
client-request-id: af2390,....a615ab9
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US","Slice":"SliceA","ScaleUnit":"000","Host":"AGSFE_IN_4","ADSiteName":"WST"}}
X-Powered-By: ASP.NET
Date: Thu, 19 Jan 2017 23:55:43 GMT
Content-Length: 268
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: -2147184105",
"innerError": {
"request-id": "af2390b1-...5ab9",
"date": "2017-01-19T23:55:44"
}
}
}
我在SO上查看了类似的问题,但找不到任何解决方案.
首先,将更加光秃的authorization报头是拼写错误.正确的参数应该是这样的authorization: bearer {access_token}.
其次,您似乎正在使用Azure V1.0端点和V2.0端点进行混合.如果您使用V1.0端点开发哪些应用程序是从Azure门户抵制的,那么当我们获取访问令牌时,我们需要指定资源参数而不是范围.
该范围参数用于哪些应用从抵制Azure的V2.0端点在这里.
Azure AD的授权终结点如下所示:
V1.0:
https://login.microsoftonline.com/{tenant}/oauth2/authorize
V2.0:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
有关Azure AD的代码授予流程的更多详细信息,您可以参考以下链接:
使用OAuth 2.0和Azure Active Directory授权访问Web应用程序
v2.0协议 - OAuth 2.0授权代码流程
京公网安备 11010802040832号 | 京ICP备19059560号-6 