本文介绍了Azure AD B2C自定义策略返回“收到无效的OAuth响应”对于第三方OAuth2 IdP的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

您好,我们正在尝试使用OAuth为第三方IdP(grean.com)创建自定义政策。



我们尝试过此提供商在其他情况下它工作正常,虽然我们无法使其作为自定义策略IdP工作。



我们收到此错误(在App Insight中跟踪):



Hi, we are trying to create a custom policy for a 3rd party IdP (grean.com) with OAuth.

We have tried this provider in other scenarios and it works fine, although we can't get it to work as a custom policy IdP.

We get this error (traced in App Insight):

{"Kind":"Handled","HResult":"80131500","Message":"An invalid OAuth response was received: \"{0}\".","Data":{},"Exception":{"Kind":"Handled","HResult":"80004003","Message":"Value cannot be null.\r\nParameter name: uriString","Data":{}}}

所以看起来返回json有问题吗?我尝试比较对Facebook的响应,手动执行所有调用,看起来一样。索引提供程序如下所示:

So it seems like the return json is something wrong with? I tried compare the responses to Facebook doing all the calls manually and it looks the same. Here is how the claim provider looks like:

<ClaimsProvider>
  <Domain>someting.grean.id</Domain>
  <DisplayName>EasyId</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="EASYID-OAUTH">
      <DisplayName>EasyId</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">easyid</Item>
        <Item Key="authorization_endpoint">https://something.grean.id/oauth2/authorize?acr_values=urn:grn:authn:se:bankid:another-device</Item>
        <Item Key="AccessTokenEndpoint">https://something.grean.id/oauth2/token</Item>
        <Item Key="ClaimsEndpoint">https://openpayments.grean.id/oauth2/userinfo</Item>
        <Item Key="acr_values">urn:grn:authn:se:bankid:another-device</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
        <Item Key="client_id">our clint id</Item>
        <Item Key="scope">code openid</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_EasyIdSecret" />
      </CryptographicKeys>
      <InputClaims />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="ssn" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="givenname" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="surname" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" DefaultValue="[email protected]" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="easyid" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

并且在返回之后令牌中看起来像这样(带邮递员):

And in the token looks like this after returned (with postman):

{
    "token_type": "Bearer",
    "expires_in": "120",
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGci...",
    "access_token": "9855e49b-362e-47da-9ef7-973492ab7cf4"
}


但是响应仍然是收到了无效的OAuth响应

But the response is still An invalid OAuth response was received

我们做错了什么想法?

谢谢!

推荐答案

你能否分享一下帮助你解决问题的方法?

Could you please share what helped you with its resolution?


这篇关于Azure AD B2C自定义策略返回“收到无效的OAuth响应”对于第三方OAuth2 IdP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-25 01:23