我正在尝试将我的OAuth2身份验证代码转换为对MS Graph的访问令牌,并收到以下错误。我正在将MSAL 2.6与带有客户机密的ConfidentialClientApp一起使用。但是,对AAD的呼叫并不包括秘密(根据Fiddler跟踪)。这是MSAL中的错误还是我遗漏了一些东西?
我的代码:
options.Events.OnAuthorizationCodeReceived = async (ctx) =>
{
var oauth2Client = new ConfidentialClientApplication(
_azureOptions.ClientId,
$"{_azureOptions.Instance}{_azureOptions.TenantId}",
$"https://{ctx.Request.Host}{_azureOptions.CallbackPath}",
new ClientCredential(_azureOptions.ClientSecret),
new TokenCache(),
null);
var scopes = new string[] { "https://graph.microsoft.com/Mail.Read" };
var tokens = await
oauth2Client.AcquireTokenByAuthorizationCodeAsync(ctx.ProtocolMessage.Code, scopes);
};
请求,如Fiddler中所示(缩写):
client_id=559ddc3a-66f1-4c3a-a019-af3a185689e
&code=AQABAAIAAAC5una0EUFgTIF8ElaxtWjTCYoXBaj7apY1EuJAthuqjG_LCVKR9jodYHR_IP...
&grant_type=authorization_code
&redirect_uri=https%3A%2F%2Flocalhost%3A44351%2Fsignin-oidc