为什么我的Azure AD应用程序无权授予免费产品?

时间:2018-08-13 20:27:30

标签: azure azure-active-directory windows-10-universal

我正在关注Grant free products文档。我的目标是向Microsoft Store应用程序的现有用户授予免费的IAP。

首先,我需要生成一个令牌以传递给客户端,以便它可以使用它来创建Microsoft Store ID客户端。我每15分钟执行一次。这是我生成此ID的方法:

## POST location:
https://login.microsoftonline.com/[...snip...]/oauth2/token

## Headers:
{
  'User-Agent': 'python-requests/2.19.1',
  'Accept-Encoding': 'gzip, deflate',
  'Accept': '*/*',
  'Connection': 'keep-alive',
  'Content-Length': '222',
  'Content-Type': 'application/x-www-form-urlencoded'
}

## Body:
grant_type=client_credentials
&client_id=[...snip...]
&client_secret=[...snip...]
&resource=https%3A%2F%2Fonestore.microsoft.com%2Fb2b%2Fkeys%2Fcreate%2Fpurchase

我得到了一个看起来有效的令牌,并将其传递给客户端。然后,客户端会成功生成一个Microsoft Store ID,并将其传递回我的服务。

在服务中,我生成了另一个令牌:

## POST location:
https://login.microsoftonline.com/[...snip...]/oauth2/token

## Headers:
{
  'User-Agent': 'python-requests/2.19.1',
  'Accept-Encoding': 'gzip, deflate',
  'Accept': '*/*',
  'Connection': 'keep-alive',
  'Content-Length': '189',
  'Content-Type': 'application/x-www-form-urlencoded'
}

## Body:
grant_type=client_credentials
&client_id=[...snip...]
&client_secret=[...snip...]
&resource=https%3A%2F%2Fonestore.microsoft.com

使用此令牌和Microsoft Store ID,我尝试授予免费产品:

## POST location:
https://purchase.mp.microsoft.com/v6.0/purchases/grant

## Headers:
{
  'User-Agent': 'python-requests/2.19.1',
  'Accept-Encoding': 'gzip, deflate',
  'Accept': '*/*',
  'Connection': 'keep-alive',
  'Authorization': 'Bearer eyJ[...snip..]', # Generated in the preceding step
  'Content-Type': 'application/json',
  'Host': 'purchase.mp.microsoft.com',
  'Content-Length': '1837'
}

## Body:
{
  "b2bKey": "eyJ0eXA[...snip...]", # Microsoft Store ID generated client-side
  "availabilityId": "9S2VX8BJ70P6", # retrieved client-side
  "productId": "9ND65B119C8N", # the Store ID of a free in-app purchase
  "skuId": "0010", # retrieved client-side
  "language": "en-us",
  "market": "ca",
  "orderId": "7a75b5a2-060d-46a1-b5d3-cec646303b52" # new UUID each request
}

此请求将收到包含以下内容的401响应:

  {
    "code":"Unauthorized",
    "data":[],
    "details":[],
    "innererror":{
      "code":"ClientIdNotAuthorized",
      "data":["ClientId","[...snip...]"],
      "details":[],
      "message":"The client id specified in request is not authorized to use this resource",
      "source":"PurchaseFD"
    },
    "message":"The client is not authorized to perform the requested operation.",
    "source":"PurchaseFD"
  }

关联的Azure AD应用程序已注册到Windows Developer仪表板中的dev帐户。根据文档,它具有以下identifierUris部分:

"identifierUris": [
  "https://onestore.microsoft.com/b2b/keys/create/purchase",
  "https://onestore.microsoft.com/b2b/keys/create/collections",
  "https://onestore.microsoft.com/"
],

我尝试过的事情:

当我将skuId或AvailabilityId更改为垃圾值时,出现“找不到请求的目录产品数据” 400错误,这表明我的授权令牌至少对某些 有效。 ...

使用完全相同的令牌将POST发送到https://purchase.mp.microsoft.com/v8.0/b2b/recurrences/query(紧随these docs之后),结果是200 OK响应,内容为{"items":[]}

我在做什么错了?

1 个答案:

答案 0 :(得分:0)

来自Microsoft的某人:

  

对不起,您遇到此问题。这个问题显然是由上周修复的服务端错误引起的。[...]。

相关问题
最新问题