InvalidAuthenticationToken - CompactToken解析失败,错误代码:-2147184105

时间:2017-01-20 00:20:38

标签: azure-active-directory microsoft-graph

我正在使用V1以获得来自Microsoft REST API的令牌。 (我们有Office 365租户,我曾经成功获得所有资源,但没有任何问题。

clientId =8a67......de4b6
clientSecret =J58k8....5EU=
redirectUri =http://example.com...
resourceUrl =https://graph.microsoft.com
authority = https://login.microsoftonline.com/f02633....a603/oauth2/token

https://login.microsoftonline.com/f0263...0be3/oauth2/authorize?client_id=8a6..b6&redirect_uri=http://example.com&response_type=code&scope=mail.read

它在follows上给了我一个结构为JWT的令牌。它表示无效的签名,但不确定是什么问题。

获得令牌后,我尝试了以下卷曲调用

curl -i https://graph.microsoft.com/v1.0/me/messages -H 'Content-Type: application/x-www-form-urlencoded' -H 'Authorization: Barer eyJ.[TOKEN]...UNa6nfw'

我没有收到消息,而是收到了以下错误:

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8Cl23
Server: Microsoft-IIS/8.5
request-id: af2390b1-a9b...5ab9
client-request-id: af2390,....a615ab9
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US","Slice":"SliceA","ScaleUnit":"000","Host":"AGSFE_IN_4","ADSiteName":"WST"}}
X-Powered-By: ASP.NET
Date: Thu, 19 Jan 2017 23:55:43 GMT
Content-Length: 268

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "CompactToken parsing failed with error code: -2147184105",
    "innerError": {
      "request-id": "af2390b1-...5ab9",
      "date": "2017-01-19T23:55:44"
    }
  }
}

我在SO上查看了类似的问题,但无法找到任何解决方案。

1 个答案:

答案 0 :(得分:6)

首先,<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <title>AngularJS Routing</title> <script> document.write('<base href="' + document.location + '" />'); </script> <link href="style.css" rel="stylesheet" /> <script src="//code.angularjs.org/snapshot/angular.js"></script> <script src="//code.angularjs.org/snapshot/angular-route.js"></script> <script src="app.js"></script> <base href="/" /> </head> <body ng-app="app"> <ul class="nav nav-pills"> <li class="active"><a data-toggle="pill" href="home">Plan</a></li> <li><a data-toggle="pill" href="about">Test</a></li> <li><a data-toggle="pill" href="menu2">Track</a></li> <li><a data-toggle="pill" href="menu3">Organise</a></li> </ul> <div ng-view></div> </body> </html> 标题的 Barer 是拼写错误。正确的参数应该类似于authorization

其次,您似乎正在使用Azure V1.0端点和V2.0端点进行混合。如果您使用V1.0端点开发哪些应用程序是从Azure门户抵制的,那么当我们获取访问令牌时,我们需要指定资源参数而不是范围

范围参数用于Azure V2.0端点,哪些应用来自here

Azure AD的授权终结点如下所示:

V1.0:

authorization: bearer {access_token}

V2.0:

https://login.microsoftonline.com/{tenant}/oauth2/authorize

有关Azure AD的代码授予流程的更多详细信息,您可以参考以下链接:

Authorize access to web applications using OAuth 2.0 and Azure Active Directory

v2.0 Protocols - OAuth 2.0 Authorization Code Flow

相关问题
最新问题