InvalidAuthenticationToken - CompactToken 解析失败，错误代码:-2147184105

本文介绍了InvalidAuthenticationToken - CompactToken 解析失败，错误代码:-2147184105的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在使用 V1 以获得来自 Microsoft REST API 的令牌.(我们有 Office 365 租户，我曾经成功获取所有资源，没有任何问题，但现在没有了.

I am using V1 in order to have a token from Microsoft REST API. (We have Office 365 tenant and I used to successfully get all resources without any problem but not anymore.

clientId =8a67......de4b6
clientSecret =J58k8....5EU=
redirectUri =http://example.com...
resourceUrl =https://graph.microsoft.com
authority = https://login.microsoftonline.com/f02633....a603/oauth2/token

https://login.microsoftonline.com/f0263...0be3/oauth2/authorize?client_id=8a6..b6&redirect_uri=http://example.com&response_type=code&scope=mail.read

它给了我一个标记为 follows on JWT.它说签名无效，但不确定是什么问题.

It gave me a token structured as follows on JWT. It says invalid signature but not sure what is wrong.

获得令牌后，我尝试了以下 curl 调用

Once I have the token, I tried the following curl call

curl -i https://graph.microsoft.com/v1.0/me/messages -H 'Content-Type: application/x-www-form-urlencoded' -H 'Authorization: Barer eyJ.[TOKEN]...UNa6nfw'

我收到以下错误，而不是消息:

Instead of the messages, I received the following error:

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8Cl23
Server: Microsoft-IIS/8.5
request-id: af2390b1-a9b...5ab9
client-request-id: af2390,....a615ab9
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US","Slice":"SliceA","ScaleUnit":"000","Host":"AGSFE_IN_4","ADSiteName":"WST"}}
X-Powered-By: ASP.NET
Date: Thu, 19 Jan 2017 23:55:43 GMT
Content-Length: 268

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "CompactToken parsing failed with error code: -2147184105",
    "innerError": {
      "request-id": "af2390b1-...5ab9",
      "date": "2017-01-19T23:55:44"
    }
  }
}

我查看了关于 SO 的类似问题，但找不到任何解决方案.

I looked at similar questions on SO but couldn't find any solution.

推荐答案

首先，authorization header的Barer是错字.正确的参数应该是 authorization: bearer {access_token}.

First, the Barer of authorization header is a typo. The correct parameter should be like authorization: bearer {access_token}.

其次，您似乎在混合使用 Azure V1.0 端点和 V2.0 端点.如果您使用 V1.0 端点开发哪些应用程序被 Azure 门户拒绝，当我们获取访问令牌时，我们需要指定 resource 参数而不是 scope.

Second, it seems that you were mixing using the Azure V1.0 endpoint and V2.0 endpoint. If you were developing with V1.0 endpoint which apps were resisted from Azure portals, when we acquire the access token we need to specify the resource parameter instead of scope.

scope 参数用于 Azure V2.0 端点，从 here.

The scope parameter is used for Azure V2.0 endpoint which apps are resisted from here.

Azure AD 的授权端点如下所示:

And the authorization endpoint for Azure AD likes below:

V1.0:

https://login.microsoftonline.com/{tenant}/oauth2/authorize

V2.0:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?

有关 Azure AD 的代码授权流程的更多详细信息，您可以参考以下链接:

More detail about the code grant flow with Azure AD, you can refer links below:

授权访问网络使用 OAuth 2.0 和 Azure Active Directory 的应用程序

v2.0 协议 - OAuth 2.0 授权代码流程

这篇关于InvalidAuthenticationToken - CompactToken 解析失败，错误代码:-2147184105的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！