I am trying to configure Odoo 11 to work with our business' directory on Microsoft Azure AD through OAuth 2.0.
Odoo 11 uses the implicit method to acquire a token - this seems to work okay and I can get a valid token from the https://login.microsoftonline.com/<company_domain>/oauth2/v2.0/authorize endpoint.
It then uses the method described in Section 2.3 of RFC 6750 to read the endpoint data. This method involves sending a query to https://graph.microsoft.com/v1.0/me?access_token=<access_token>
I know the token is valid because I can use https://www.hurl.it to send a query to https://graph.microsoft.com/v1.0/me with a request header of Authorization: Bearer <access_token> and I get the expected results. This is according to the method described in Section 2.1 of RFC 6750, which is the only method I have come across in Microsoft's documentation.
If I manually try to send a request per Section 2.3 I get an error response from Microsoft Graph:

    {
        "error": {
            "code": "InvalidAuthenticationToken",
            "message": "Bearer access token is empty.",
            "innerError": {
                "request-id": "2319fe00-8695-481d-8850-d1b8ed973292",
                "date": "2018-01-23T19:12:15"
            }
        }
    }
So my question is: does Microsoft Graph support the request method in Section 2.3 of RFC 6750?
Answer 0 (score: 0)
As far as I know, no. They say in the documentation:
"Once you have an access token, you can use it to call Microsoft Graph by including it in the Authorization header of the request. The following request gets the profile of the signed-in user."
There is no other mention, and I have never seen this method used.
Maybe you need some kind of proxy that accepts the query parameter and moves it into the header?
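The rewrite such a proxy would perform, as an added Python example that is not part of the original post or of Odoo: it takes a request that carries the token as a URI query parameter (RFC 6750 Section 2.3, what Odoo 11 sends), removes the token from the URL so it does not end up in access logs, and emits the Authorization header form (Section 2.1, what Microsoft Graph accepts). Requests that already use more than one transport method are refused, as Section 2 of the RFC requires. The URL and header values below are constructed samples.

```python
"""RFC 6750 bearer-token relocation: query parameter -> Authorization header."""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


class BearerError(ValueError):
    """The incoming request does not carry exactly one bearer token."""


def relocate_bearer(url: str, headers: dict) -> tuple:
    """Return (url_without_token, headers_with_authorization).

    `headers` is a plain dict of request header names to values; the
    Authorization lookup is case-insensitive as HTTP header names are.
    """
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in query if k == "access_token"]
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)

    # RFC 6750 s.2: a client MUST NOT use more than one method per request.
    if auth is not None and tokens:
        raise BearerError("token sent via both Authorization header and query")
    if auth is not None:
        return url, dict(headers)  # already the s.2.1 form; pass through unchanged
    if len(tokens) != 1 or not tokens[0]:
        raise BearerError("expected exactly one non-empty access_token parameter")

    # Drop the token from the URL (it would otherwise be logged) and keep the rest.
    remaining = [(k, v) for k, v in query if k != "access_token"]
    clean_url = urlunsplit(parts._replace(query=urlencode(remaining)))
    out = dict(headers)
    out["Authorization"] = "Bearer " + tokens[0]
    return clean_url, out


if __name__ == "__main__":
    # Constructed sample of the request Odoo 11 builds for the Graph endpoint.
    u, h = relocate_bearer(
        "https://graph.microsoft.com/v1.0/me?access_token=SAMPLE_TOKEN",
        {"Accept": "application/json"},
    )
    print(u, h["Authorization"])
```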
Answer 1 (score: 0)
Microsoft Graph supports the [linked] method. It does not support the Authorization Request Header Field and Form-Encoded Body Parameter methods.
It is worth noting that the query parameter method has notable security issues:
"Because of the security weaknesses associated with the URI method (see URI Query Parameter), including the high likelihood that the URL containing the access token will be logged, it should not be used unless it is impossible to transport the access token in the "Authorization" request header field or the HTTP request entity."