本文介绍了"不支持访问许可authorization_ code"从使用OAuth 2的Azure AD的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在C格兰特流的授权$ C $的中间,提供Azure的广告。尽管文件称 grant_type authorization_ code ,我收到一条错误信息有关此属性

I am in the middle of an Authorization Code Grant Flow with Azure AD. Even though the documentation says the grant_type should be authorization_code, I am getting an error message about this property.

POST https://login.windows.net/SOME_AZURE_AD_UUID/oauth2/token?api-version=1.0
Content-Type: application/x-www-form-urlencoded

client_id=SECRET_CLIENT_ID
&client_secret=SECRET_CLIENT_SECRET
&code=SECRET_CODE
&grant_type=authorization_code
&redirect_uri=https://myserver.example.com/login/auth_return
&resource=https://myserver.example.com/
&scope=openid email

修改:空白为清楚起见加)

(edit: whitespace added for clarity)

错误我取回:

HTTP/1.1 400 Bad request
Content-Length: 436
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Request-Id: SOME_REQUEST_ID
X-Ms-Request-Id: SOME_REQUEST_ID
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: x-ms-gateway-slice=slicea; path=/; secure; HttpOnly, stsservicecookie=acs; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
Cache-Control: private
Date: Wed, 20 Aug 2014 14:44:08 GMT
Content-Type: application/json; charset=utf-8

{
  "correlation_id": "SOME_CORRELATION_ID",
  "error": "unsupported_grant_type",
  "error_codes": [
    70003
  ],
  "error_description": "
    ACS70003: The access grant 'authorization_code' is not supported.\r\n
    Trace ID: SOME_TRACE_UUID\r\n
    Correlation ID: SOME_CORRELATION_ID\r\n
    Timestamp: 2014-08-20 14:44:08Z",
  "timestamp": "2014-08-20 14:44:08Z",
  "trace_id": "SOME_TRACE_UUID"
}

(空白为清楚起见加)

此请求没有工作,如果我改变 grant_type client_credentials (但我还没有找到一种方法,使用导致令牌我需要的东西)。它也可以,如果我改变了一些网址,指向谷歌,而不是Azure的广告。

This request does work if I change grant_type to client_credentials (but I have not found a way to use the resulting token for what I need). It also works if I change some URLs to point to Google instead of Azure AD.

有这些要求的错误还是服务真的不支持记录 grant_type authorization_ code

Is there a mistake with these requests or does the service genuinely not support the documented grant_type of authorization_code?

推荐答案

这是一个错误,我相信,我花了2-3天的数字出来。请执行下列操作来得到它的工作,

This is a bug I believe, and it took me 2-3 days to figure it out. Please do the following to get it working,

1)从您的网址中删除?API版本= 1.0。我知道这听起​​来很奇怪,但相信我,他们的文档是一个烂摊子。

1) Remove the "?api-version=1.0" from your URL. I know it sounds strange but trust me their documentation is a mess.

2)添加一个内容类型:应用程序/ x-WWW的形式urlen codeD头在你的要求(因此你必须连接code后的数据值..例如REDIRECT_URL =(EN codedURL)等

2) Add a "Content-Type": "application/x-www-form-urlencoded" header in your request (hence you'll have to encode the post data values ... for example redirect_url=(encodedURL) etc

3)从数据后 REFER 。 ..它应该像

3) Remove unnecessary fields from post data REFER ... it should be like

{
    'grant_type': "authorization_code",
    'resource': "your resource",
    'client_id': "your client Id",
    'redirect_uri': "your redirect URL",
    'client_secret': "your client secret",
    'code': "the code u got"
}

我看你做了2点,所以你需要做的第1点,你是好去。

I see you have done point 2 so you'll need to do point 1 and you're good to go.

此外,如果你想获得access_token快(如果没有我说的对你的作品),然后通过client_credentials在grant_type,你会得到与access_token较小的响应。但是,如果你想与refresh_token完整的响应,同时,你必须做的所有这些步骤。

Furthermore, if you want to get access_token quickly(if nothing I said works for you), then pass "client_credentials" in grant_type and you'll get a smaller response with access_token. But if you want the complete response with refresh_token as well, you'll have to do all those steps.

修改:还有一个错误,在他们的文档,用于刷新令牌>>>网址应为 oauth2 /标记和NOT oauth2 /授权

EDIT:There is one more mistake in their documentation, for Refresh Tokens >>> the URL should be oauth2/token and NOT oauth2/authorize

希望这有助于!

这篇关于"不支持访问许可authorization_ code"从使用OAuth 2的Azure AD的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-01 19:01