问题描述
我使用此URL来获取id_token:
I use this URL to get id_token:
https://login.microsoftonline.com/common/oauth2/authorize?
response_type=id_token%20code&
client_id=MY_CLIENT_GUID_ID_IN_HERE&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fopenid%2Freturn&nonce=alfaYYCTxBK8oypM&
state=6DnAi0%2FICAWaH14e
这样的返回结果
http://localhost:3000/auth/openid/return?
code=AAA_code_in_here&
id_token=eyJ0eXAi_xxxx_yyyy_in_here&
state=6DnAi0%2FICAWaH14e&
session_state=xxxx_guid_xxxxx
然后使用 id_token 查询Graph(使用POST man)
and then i use the id_token to query Graph (use POST man)
我看到了此帖子 InvalidAuthenticationToken和CompactToken问题-Microsoft使用PHP Curl绘制图形,但没有任何意义.
i have see this post InvalidAuthenticationToken and CompactToken issues - Microsoft Graph using PHP Curl but make no sense.
推荐答案
OATH 2.0需要多个步骤.第一个请求返回一个OAUTH代码.下一步是将OATUH代码转换为Bearer令牌.这是您在这里缺少的步骤.
OATH 2.0 requires multiple steps. The first request returns an OAUTH Code. The next step is converting that OATUH code into a Bearer Token. This is the step you are missing here.
我还建议您使用很多 v2端点更容易使用(尤其是使用Graph).我写了一个 v2终结点入门,它对整个过程进行了介绍,也可能会有所帮助.
I would also recommend using the v2 Endpoint which is a lot easier to work with (particularly with Graph). I wrote a v2 Endpoint Primer that walks through the process and may be helpful as well.
这篇关于Microsoft Graph API访问令牌验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!