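I'm having trouble getting a Microsoft Graph token.
I followed this documentation to get the token.
Using the Office JavaScript API, I get the identity token and the application token from my add-in.
I have put my add-in on the Exchange server. I checked that an application was created in Azure Active Directory, added all the Microsoft Graph and Azure Active Directory permissions to this application, and generated an API access key.
When I'm in Outlook, I open my add-in and get the 2 tokens. At this point, I think the first step is done.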

    function getCallbackToken() {
        Office.context.mailbox.getCallbackTokenAsync(cbToken);
    }

    function cbToken(asyncResult) {
        var token = asyncResult.value;
        console.log("token : " + token);
    }

    function getIdentityToken() {
        Office.context.mailbox.getUserIdentityTokenAsync(cbIdentity);
    }

    function cbIdentity(asyncResult) {
        var identity = asyncResult.value;
        console.log("identity : " + identity);
    }

    function getMailUser() {
        console.log(
            "displayName : " +
            Office.context.mailbox.userProfile.displayName +
            ", mail adresse : " +
            Office.context.mailbox.userProfile.emailAddress
        );
    }

When I send these tokens to my Java server, I want to send the token to Microsoft Graph. I use this code to make the request to Azure with the ADAL4J library:
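
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;
    import javax.naming.ServiceUnavailableException;
    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;
    import com.microsoft.aad.adal4j.UserAssertion;

    // idToken: the identity token or application token obtained from the add-in JavaScript API
    public AuthenticationResult acquireTokenForGraphApi(String idToken)
            throws Throwable {
        final ClientCredential credential = new ClientCredential(" --- application id get in azure application list --- ",
                " --- generate key from azure application setting, only display one time ---");
        // The incoming token is used as the user assertion for the on-behalf-of request
        final UserAssertion assertion = new UserAssertion(idToken);
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            String tenantId = "--- tocken get in azure configuration panel, application endpoints";
            final AuthenticationContext context = new AuthenticationContext(
                    "https://login.microsoftonline.com/" + tenantId + "/", false, service);
            final Future<AuthenticationResult> future = context.acquireToken("https://graph.windows.net/", assertion, credential, null);
            result = future.get();
        } catch (ExecutionException e) {
            // Surface the underlying AuthenticationException instead of the wrapper
            throw e.getCause();
        } finally {
            if (service != null) {
                service.shutdown();
            }
        }
        if (result == null) {
            throw new ServiceUnavailableException(
                    "unable to acquire on-behalf-of token for client " + aadAuthFilterProp.getClientId());
        }
        return result;
    }
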
I get the error code

    com.microsoft.aad.adal4j.AuthenticationException: {
        "error_description": "AADSTS50013: Assertion contains an invalid signature.
        [
            Reason - The key was not found.,
            Thumbprint of key used by client: '0600F9F674620737E73404E287C45A818CB7CEB8',
            Configured keys:
            [
                Key0:Start=02/18/2018, End=02/19/2020, Thumbprint=oZkMJ7Omv9GN7JVM;
                Key1:Start=03/31/2018, End=03/31/2020, Thumbprint=xq4mEGikJ5Bkblfw;
                Key2:Start=11/16/2016, End=11/16/2018, Thumbprint=i1DVz66b9dfpPV3Z;
            ]
        ]
        Trace ID: b439ed2f-8a91-401e-91e8-133b57532b00
        Correlation ID: cd8ebc72-5173-4725-9c79-e8dc0ef7634b
        Timestamp: 2018-04-10 08:27:05Z",
        "error": "invalid_grant"
    }
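
The AADSTS50013 error above reports that the key which signed the assertion is not among the keys Azure AD has configured. The following is an added diagnostic example, not part of the original post: it decodes a token's header and claims (without verifying them) and reports the issuer, audience and `x5t` thumbprint in hex, so the token can be checked before it is passed as an on-behalf-of assertion. The function names and the sample issuer and audience are constructed, and treating the thumbprint in the error text as the hex form of `x5t` is an assumption.

```javascript
// Added diagnostic example (Node.js); not code from the original post.
// Issuer prefixes of tokens minted by Azure AD (v1 and v2 endpoints).
const AAD_ISSUERS = ["https://sts.windows.net/", "https://login.microsoftonline.com/"];

// Decode one base64url JWT segment to a Buffer.
function b64urlDecode(seg) {
  return Buffer.from(seg.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

// Encode a Buffer as unpadded base64url (used only to build the sample token).
function b64urlEncode(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Read what a token claims about itself. Nothing is verified here: the
// output is for diagnosis only and must not be used for authorization.
function inspectAssertion(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  const header = JSON.parse(b64urlDecode(parts[0]).toString("utf8"));
  const claims = JSON.parse(b64urlDecode(parts[1]).toString("utf8"));
  const iss = typeof claims.iss === "string" ? claims.iss : "";
  return {
    alg: header.alg,
    // x5t is the base64url-encoded SHA-1 thumbprint of the signing certificate.
    // Assumption: the AADSTS50013 text prints the same value as hex.
    thumbprintHex: header.x5t ? b64urlDecode(header.x5t).toString("hex").toUpperCase() : null,
    iss: iss,
    aud: claims.aud,
    issuedByAzureAd: AAD_ISSUERS.some((prefix) => iss.startsWith(prefix)),
  };
}

// Constructed sample token: the x5t is built from the thumbprint quoted in the
// error text; the issuer, audience and signature bytes are placeholders.
function buildSampleToken() {
  const thumb = Buffer.from("0600F9F674620737E73404E287C45A818CB7CEB8", "hex");
  const header = { alg: "RS256", typ: "JWT", x5t: b64urlEncode(thumb) };
  const claims = { iss: "constructed-issuer.example", aud: "https://addin.example/index.html" };
  const seg = (obj) => b64urlEncode(Buffer.from(JSON.stringify(obj), "utf8"));
  return [seg(header), seg(claims), b64urlEncode(Buffer.from("constructed-signature"))].join(".");
}

console.log(inspectAssertion(buildSampleToken()));
```

If `issuedByAzureAd` is false, or `thumbprintHex` matches none of the keys Azure AD lists for the tenant, the token was signed by a different issuer than the one the on-behalf-of request expects.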