我正在使用ADAL.js获取Azure资源的令牌。
<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.15/js/adal.min.js"></script>
为了做到这一点,我写了以下代码:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.15/js/adal.min.js"></script>
<script>
var endpoints = {
"https://management.core.windows.net": "https://management.core.windows.net"
};
var config = {
clientId: 'e333d3fe-a73a-4476-8121-8a57f9a972ca',
endpoints: endpoints,
};
var authContext = new AuthenticationContext(config);
authContext.handleWindowCallback();
function login() {
authContext.popUp = true;
authContext.login();
// authContext.handleWindowCallback();
var user = authContext.getCachedUser();
console.log(user);
};
function clickme() {
var user = authContext.getCachedUser();
console.log(user);
authContext.acquireToken('https://management.core.windows.net', function (error, token) {
console.log(error);
console.log(token);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if (!!error) {
console.log(error.indexOf("interaction_required"));
authContext.acquireTokenPopup(
'https://management.core.windows.net/',
null,
null,
function (error, token, msg) {
console.log(error);
console.log(token);
}
)
}
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
});
};
function logout () {
authContext.logout();
};
</script>
<input id="Button1" type="button" value="clickme" onclick="clickme()" />
<input id="Button3" type="button" value="login" onclick="login()" />
<input id="Button2" type="button" value="logout" onclick="logout()" />
// These are the text-boxes whose value I want to retain.
First name:<br>
<input id=fname" type="text" name="firstname" value="Mickey">
<br>
Last name:<br>
<input id="lname" type="text" name="lastname" value="Mouse">
</body>
</html>
上述代码存在两个问题:
答案 0 :(得分:2)
错误 AADSTS50079:用户需要使用多重身份验证 表示特定最终用户必须执行或注册多因素身份验证才能获得访问令牌。 acquireToken()
是一个无声请求,因此无法向最终用户显示MFA用户界面。致电login()
并未解决此问题,因为您未在登录电话中请求访问任何内容。
解决方法是捕获此错误:
if (error.indexOf("interaction_required") !== -1)
然后,您的应用可以使用acquireTokenPopup()
或acquireTokenRedirect()
,它们是同一资源上的互动请求。然后,这会提示您的最终用户完成MFA请求,并且您将获得访问令牌。