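OK, I'm trying to figure out how this Microsoft authorization API works. I have a native application (iOS) and another web application that I intend to run as a daemon on the backend. Both were created in the same Active Directory.
I use the native application to obtain an access token and pass it to the backend daemon application, in order to obtain an access token on behalf of the application using this flow.
Now, from the backend, I send this request: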
grant_type:urn:ietf:params:oauth:grant-type:jwt-bearer
client_id:840c72c1-52fd-4082-bc99-85765cbd3215
resource:https://graph.microsoft.com
client_secret:CGI3d2V4RH1nmiBxR5EkKjsg+woLBG+9bl+H6Aix46U=
assertion: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
requested_token_use:on_behalf_of
But I get a 400 Bad Request with these response headers:
Cache-Control →no-cache, no-store
Content-Length →447
Content-Type →application/json; charset=utf-8
Date →Sat, 25 Feb 2017 01:41:08 GMT
Expires →-1
P3P →CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma →no-cache
Server →Microsoft-IIS/8.5
Set-Cookie →x-ms-gateway-slice=003; path=/; secure; HttpOnly
Set-Cookie →stsservicecookie=ests; path=/
Strict-Transport-Security →max-age=31536000; includeSubDomains
X-Content-Type-Options →nosniff
X-Powered-By →ASP.NET
x-ms-request-id →1b12cc35-5ed6-4ebe-8ba8-96e59038a82d
And the body:
{
"error": "invalid_request",
"error_description": "AADSTS50027: Invalid JWT token. AADSTS50027: Invalid JWT token. Token format not valid.\r\nTrace ID: 1b12cc35-5ed6-4ebe-8ba8-96e59038a82d\r\nCorrelation ID: ae2fbd5f-f542-4f7e-87a0-fbeb23492266\r\nTimestamp: 2017-02-25 01:41:10Z",
"error_codes": [
50027,
50027
],
"timestamp": "2017-02-25 01:41:10Z",
"trace_id": "1b12cc35-5ed6-4ebe-8ba8-96e59038a82d",
"correlation_id": "ae2fbd5f-f542-4f7e-87a0-fbeb23492266"
}
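For some reason the API thinks that the token in my assertion field is a JWT token.
I played with the application and delegated permissions to no avail. Any help would be greatly appreciated.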
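
The following is an added example, not part of the original post: a local pre-flight check that a string destined for the assertion parameter has the three-segment JWS compact form before it is posted to the token endpoint. The function names and the sample token are constructed for illustration, and the checks reflect the generic JWT structure, not Azure AD's own validation logic.

```python
import base64
import binascii
import json


def _b64url_json(segment):
    """Decode one base64url segment (padding restored) and parse it as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))


def check_assertion_format(assertion):
    """Return a list of structural problems; an empty list means well-formed."""
    problems = []
    if assertion != assertion.strip():
        problems.append("leading or trailing whitespace")
    token = assertion.strip()
    if token.lower().startswith("bearer "):
        problems.append("'Bearer ' prefix included in the assertion")
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        problems.append("expected 3 dot-separated segments, got %d" % len(parts))
        return problems
    for name, seg in zip(("header", "payload"), parts):
        try:
            obj = _b64url_json(seg)
        except (ValueError, binascii.Error):
            problems.append(name + " is not base64url-encoded JSON")
            continue
        if not isinstance(obj, dict):
            problems.append(name + " is not a JSON object")
        elif name == "header" and "alg" not in obj:
            problems.append("header has no 'alg' member")
    if not parts[2]:
        problems.append("signature segment is empty")
    return problems


def _seg(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


# Constructed sample token (not from the page); the signature is a dummy value.
SAMPLE = ".".join([_seg({"typ": "JWT", "alg": "RS256"}),
                   _seg({"aud": "constructed-audience"}), "c2ln"])
```

This only checks structure; it does not verify the signature or any claim, so a token that passes can still be rejected by the server for other reasons.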