我正在尝试通过Microsoft使用MSAL Angular库进行授权。我在MS Azure中配置了环境,编写了代码...登录后,我得到id_token,但无法在graph.microsoft.com/v1.0/me上将其验证为承载。我收到“ InvalidAuthenticationToken”代码。我搜索了所有堆栈,即使有一些熟悉的线程,我仍然无法弄清楚。我想确保令牌有效,并从响应中获取用户的电子邮件。这是我的代码:
ERROR: Could not install packages due to an EnvironmentError: [Errno 1] Operation not permitted: '/mnt/c/Users/azza.abdallah/Documents/CODE/myenv/lin/python2.7/site-packages/lxml/ElementInclude.py'答案 0 :(得分:0)
首先,您似乎缺少了使用的Authorization code grant flow所必需的response_type参数。
此外,您不能直接使用令牌,而需要将从响应URL获得的代码交换到令牌中。
public static AuthenticationResult ExchangeCodeForToken(string InTenantName, string InUserObjId, string InRedirectUri, string InApplicationAzureClientID, string InApplicationAzureClientAppKey)
{
Check.Require(!string.IsNullOrEmpty(InTenantName), "InTenantName must be provided");
Check.Require(!string.IsNullOrEmpty(InUserObjId), "InUserObjId must be provided");
if (CanCompleteSignIn) //redirect from sign-in
{
var clientCredential = new ClientCredential(InApplicationAzureClientID, InApplicationAzureClientAppKey);
var authContext = new AuthenticationContext(Globals.GetLoginAuthority(InTenantName), (TokenCache)new ADALTokenCache(InUserObjId)); //Login Authority is https://login.microsoftonline.com/TenantName
return authContext.AcquireTokenByAuthorizationCode(VerificationCode, new Uri(InRedirectUri), clientCredential, Globals.AZURE_GRAPH_API_RESOURCE_ID); //RESOURCE_ID is "https://graph.microsoft.com/"
}
return null;
}
请参见related pos t。