问题描述
您好,我们正在尝试使用OAuth为第三方IdP(grean.com)创建自定义政策。
我们尝试过此提供商在其他情况下它工作正常,虽然我们无法使其作为自定义策略IdP工作。
我们收到此错误(在App Insight中跟踪):
Hi, we are trying to create a custom policy for a 3rd party IdP (grean.com) with OAuth.
We have tried this provider in other scenarios and it works fine, although we can't get it to work as a custom policy IdP.
We get this error (traced in App Insight):
{"Kind":"Handled","HResult":"80131500","Message":"An invalid OAuth response was received: \"{0}\".","Data":{},"Exception":{"Kind":"Handled","HResult":"80004003","Message":"Value cannot be null.\r\nParameter name: uriString","Data":{}}}
所以看起来返回json有问题吗?我尝试比较对Facebook的响应,手动执行所有调用,看起来一样。索引提供程序如下所示:
So it seems like the return json is something wrong with? I tried compare the responses to Facebook doing all the calls manually and it looks the same. Here is how the claim provider looks like:
<ClaimsProvider>
<Domain>someting.grean.id</Domain>
<DisplayName>EasyId</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="EASYID-OAUTH">
<DisplayName>EasyId</DisplayName>
<Protocol Name="OAuth2" />
<Metadata>
<Item Key="ProviderName">easyid</Item>
<Item Key="authorization_endpoint">https://something.grean.id/oauth2/authorize?acr_values=urn:grn:authn:se:bankid:another-device</Item>
<Item Key="AccessTokenEndpoint">https://something.grean.id/oauth2/token</Item>
<Item Key="ClaimsEndpoint">https://openpayments.grean.id/oauth2/userinfo</Item>
<Item Key="acr_values">urn:grn:authn:se:bankid:another-device</Item>
<Item Key="HttpBinding">POST</Item>
<Item Key="UsePolicyInRedirectUri">0</Item>
<Item Key="client_id">our clint id</Item>
<Item Key="scope">code openid</Item>
</Metadata>
<CryptographicKeys>
<Key Id="client_secret" StorageReferenceId="B2C_1A_EasyIdSecret" />
</CryptographicKeys>
<InputClaims />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="ssn" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="givenname" />
<OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="surname" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="email" DefaultValue="[email protected]" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="easyid" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
<OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
并且在返回之后令牌中看起来像这样(带邮递员):
And in the token looks like this after returned (with postman):
{
"token_type": "Bearer",
"expires_in": "120",
"id_token": "eyJ0eXAiOiJKV1QiLCJhbGci...",
"access_token": "9855e49b-362e-47da-9ef7-973492ab7cf4"
}
但是响应仍然是收到了无效的OAuth响应
But the response is still An invalid OAuth response was received
我们做错了什么想法?
谢谢!
推荐答案
你能否分享一下帮助你解决问题的方法?
Could you please share what helped you with its resolution?
这篇关于Azure AD B2C自定义策略返回“收到无效的OAuth响应”对于第三方OAuth2 IdP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!