Azure数据工厂-验证invalid_grant时遇到问题

时间:2019-03-22 05:03:48

标签: java azure azure-active-directory azure-data-factory azure-data-factory-2

在尝试通过Active Directory进行身份验证以检索访问令牌时,我遵循以下步骤:

1-使用以下说明在Azure中创建应用程序(步骤3): https://github.com/Azure-Samples/active-directory-java-native-headless#step-3--register-the-sample-with-your-azure-active-directory-tenant

2-创建具有“数据工厂贡献者”权限的“ Azure Active Directory”用户帐户。

3-使用(来自下面的URL)中的步骤,我按照示例代码尝试检索访问令牌: https://github.com/Azure-Samples/active-directory-java-native-headless/blob/master/src/main/java/PublicClient.java

注意:我正在使用的资源是... https://management.core.windows.net/

...使用以下示例: https://docs.microsoft.com/en-us/azure/data-factory/quickstart-create-data-factory-rest-api#authenticate-with-azure-ad

4-服务器响应以下错误:

Exception in thread "main" java.util.concurrent.ExecutionException:
com.microsoft.aad.adal4j.AuthenticationException:
 {
    "error_description": "AADSTS65001: The user or administrator has not
    consented to use the application with ID '<my-app-id>' named
    '<my-app-name>'. Send an interactive authorization request for this
    user and resource.\r\nTrace ID: d0af56e6-aaa3-4d25-b23b-
    2984ed2b4400\r\nCorrelation ID: 2422cc2f-1cdd-45c5-8b7c-
    46b1eee4ffae\r\nTimestamp: 2019-03-22 04:58:16Z",

    "error": "invalid_grant"
 }

要使身份验证有效,需要哪些补助?

1 个答案:

答案 0 :(得分:0)

您应该向Azure AD发出授权请求,其中包括参数提示符= admin_consent。

转到一个网址,例如https://login.microsoftonline.com/tenant-id/oauth2/authorize?client_id=app-client-id&redirect_uri=encoded-reply-url&response_type=code&prompt=admin_consent

使用您的管理员帐户同意权限。

enter image description here

然后我们可以成功获取访问令牌。

enter image description here

相关问题
最新问题