Unable to get an access token for an Office 365 daemon application

Time: 2015-05-04 14:08:43

Tags: rest go office365

I followed the blog post http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx to create a daemon application. I am able to get an app-only token for the domain in which I registered the application. But when I try it for another organization, it throws an error:

    {"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Client assertion audience claim does not match Realm issuer.\r\nTrace ID: 09e025f5-7db9-46c3-9df9-574c6820a011\r\nCorrelation ID: f4d0fa57-ee8c-4443-b28b-d372d945f81f\r\nTimestamp: 2015-05-04 13:51:51Z","error_codes":[70002,50012],"timestamp":"2015-05-04 13:51:51Z","trace_id":"09e025f5-7db9-46c3-9df9-574c6820a011","correlation_id":"f4d0fa57-ee8c-4443-b28b-d372d945f81f","submit_url":null,"context":null}

But I have configured the application as multi-tenant.

Here is the request I am making:

request https://login.windows.net/<tenantId>/oauth2/token
grant_type=client_credentials
redirect_uri=http://localhost.com:9000
resource=https://outlook.office365.com/
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion="eyJhbGciOiJSUzI1NiIsIng1dCI6IjZlLzEra01scHhuTHArZFJ4d1BqS21EdmZCQT0ifQ.eyJhdWQiOiJodHRwczovL2xvZ2luLndpbmRvd3MubmV0L2ZmNjQxNTFmLTIwM2EtNGM0MC1hZDcxLTExOTE2YjY2Yzg3My9vYXV0aDIvdG9rZW4iLCJleHAiOjE0MzEwMDYzMDMsImlzcyI6ImFkMTkzY2I1LWU2NmUtNDdmNS1iMTc4LTQxM2NlODA3ZDg2YiIsImp0aSI6IjMyMDZiYWI5LTVmYmUtNDA3ZS02OWY2LTJlNGRjNDQ3NzQxYSIsIm5iZiI6MTQzMTAxMTMwMywic3ViIjoiYWQxOTNjYjUtZTY2ZS00N2Y1LWIxNzgtNDEzY2U4MDdkODZiIn0.eEOlhsl-vbdzIiV3AfGFOH187Yb8zpGSGm6RbMhDX4NRJbwOWjJr3eFK3rGXSkl1vhSfJ_oFc69pB1AGfUK8u_SWRl7U3GgH3EJryE-FiVluCQ-ONZ3Qj1u6VggXgTodi0bdvhQF4WlwazXmJGbpeVRUZBm2rlTcd8JtQY96sOu1CRDpZJOFnHzjqleVdrnw8_pNVUafwlnaosRT9tOIgiK9apjN_KY5JMM1QTYKhKk5ZApjmr8agTZpObdz-_Y9znjaSxQcYkFnQeCGc-qwISzH1OqG_7JbCDq6Dp1-oBU5sJneJaF6IxX8-sWyaju3ntMWQyINeuHnRCoPrlp2tg"

Here is the assertion I create:

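    // JWT header: signing algorithm and certificate thumbprint
    token.Header["alg"] = "RS256"
    token.Header["x5t"] = "thumbprint of certificate"
    // audience: token endpoint of the tenant identified by TenantId
    token.Claims["aud"] = "https://login.windows.net/" + TenantId + "/oauth2/token"
    // expiry: 72 hours from now
    token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
    token.Claims["iss"] = client_id
    token.Claims["jti"] = "<some guid>" // placeholder for a unique token id
    // not-before: the same 72-hour offset as exp, plus 5000 seconds
    token.Claims["nbf"] = (time.Now().Add(time.Hour * 72).Unix()) + 5000
    token.Claims["sub"] = client_id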

Please tell me what I should do so that I can get an access token for other organizations' domains. Thanks in advance.

0 answers:

No answers
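A pre-flight check for a client assertion like the one in the question, as an added example that is not part of the original post: it decodes the claims without verifying the signature, compares `aud` with the token endpoint the request will be posted to (the claim AADSTS50012 complains about), and checks that `nbf` precedes `exp`. The names `CheckAssertion`, `Sample` and `claims`, the `tenant-a`/`tenant-b` placeholders, and the rule that `aud` must equal the endpoint URL exactly are assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// claims: the assertion fields this check inspects (aud assumed to be one string).
type claims struct {
	Aud string `json:"aud"`
	Nbf int64  `json:"nbf"`
	Exp int64  `json:"exp"`
}

// CheckAssertion decodes the JWT payload (signature NOT verified) and lists problems.
func CheckAssertion(jwt, endpoint string) []string {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return []string{"not a three-part compact JWT"}
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	var c claims
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return []string{"payload is not base64url JSON with a string aud"}
	}
	var out []string
	if c.Aud != endpoint {
		out = append(out, fmt.Sprintf("aud %q differs from endpoint %q", c.Aud, endpoint))
	}
	if c.Nbf >= c.Exp {
		out = append(out, "nbf is not earlier than exp")
	}
	return out
}

// Sample builds an unsigned, constructed assertion for demonstration only.
func Sample(c claims) string {
	b, _ := json.Marshal(c)
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc(b) + ".constructed"
}

func main() {
	// Constructed values: assertion minted for tenant-a, posted to tenant-b.
	a := Sample(claims{Aud: "https://login.windows.net/tenant-a/oauth2/token", Nbf: 1000, Exp: 900})
	fmt.Println(CheckAssertion(a, "https://login.windows.net/tenant-b/oauth2/token"))
}
```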