我开始致力于将Azure AD与OpenId Connect集成。我尝试在本地运行示例: https://azure.microsoft.com/de-de/resources/samples/active-directory-java-webapp-openidconnect/
但是应用程序将我重定向到错误页面,并显示HTTP 403错误。所以我拿了调试器,然后把我扔出去的部分是这个位:
private String getUsernamesFromGraph(String accessToken, String tenant) throws Exception {
URL url = new URL("https://graph.microsoft.com/v1.0/users");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
conn.setRequestProperty("Authorization", "Bearer " + accessToken);
conn.setRequestProperty("Accept","application/json");
int httpResponseCode = conn.getResponseCode();
String goodRespStr = HttpClientHelper.getResponseStringFromConn(conn, true);
因此,我将访问令牌和所有其他标头放入邮递员中,以查看图服务的响应。响应如下所示:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "XXXXXX-fa72-XXXX-8f56-d989a4879843",
"date": "2018-08-15T07:18:48"
}
}
}
但据我所知,我已将Azure AD应用的每个角色授予: Granted roles
如果我查看虚拟用户在Azure Portal中的登录历史记录,我会看到登录成功: sign-ins
在配置过程中我错过了什么?
