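I am trying to have users sign in to my bot (Microsoft Bot Framework) and run Kusto queries. I have successfully obtained a Graph JWT, but I can't figure out how to then request access to Kusto.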
    AuthenticationContext authContext = new AuthenticationContext("https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-*********");
    var clientAppID = "974c5166-f8b5-466e-9552-*********";
    var secret = "[*SxczFa7qU*******************";
    var tokenForKusto = await authContext.AcquireTokenAsync(
        "https://aznw.kusto.windows.net",
        new ClientCredential(clientAppID, secret),
        new UserAssertion(userToken));
I expected tokenForKusto to be a valid token, but an exception is thrown instead.
{"AADSTS500131: Assertion audience does not match the Client app presenting the assertion. The audience in the assertion was '00000002-0000-0000-c000-000000000000' and the expected audience is '974c5166-f8b5-466e-9552-********' or one of the Application Uris of this application with App ID '974c5166-f8b5-466e-9552-********'(testbotbuilderAAD).\r\nTrace ID: 38515779-b858-4efc-8b03-e9f8ec810c00\r\nCorrelation ID: a136600d-66e0-44fc-8f24-d1fda6b4ba56\r\nTimestamp: 2019-07-19 17:23:27Z"}
Answer 0 (score: 0)
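This is because you are trying to use a token that was issued for Graph, but your application is not Graph. This flow works if and only if the client application ID (from ClientCredentials) matches the audience of the token you are trying to use.
Why are you retrieving a token for Graph anyway? If you want to issue Kusto queries, you should use the cluster URI as the resource (e.g. "https://cluster.region.kusto.windows.net").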
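The audience comparison named in the AADSTS500131 message, written as a local pre-flight check you can run on a token before passing it to UserAssertion. This is an added example, not code from the original post or from ADAL: the class and method names are hypothetical, the client ID is a constructed placeholder, and the sample tokens are constructed and unsigned. It reads the `aud` claim without verifying the signature, so it is a diagnostic only.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class OboAudienceCheck // hypothetical helper, not part of ADAL
{
    static string B64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string B64UrlEncode(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads "aud" from the JWT payload (string or array form).
    // No signature check: use for diagnostics, never for authorization.
    public static string[] GetAudiences(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        using (var doc = JsonDocument.Parse(B64UrlDecode(parts[1])))
        {
            if (!doc.RootElement.TryGetProperty("aud", out var aud)) return new string[0];
            return aud.ValueKind == JsonValueKind.Array
                ? aud.EnumerateArray().Select(e => e.GetString() ?? "").ToArray()
                : new[] { aud.GetString() ?? "" };
        }
    }

    // True when the token was issued to this app: client ID or one of its App ID URIs.
    public static bool UsableAsAssertion(string jwt, string clientId, params string[] appIdUris) =>
        GetAudiences(jwt).Any(a => a.Equals(clientId, StringComparison.OrdinalIgnoreCase)
            || appIdUris.Contains(a, StringComparer.OrdinalIgnoreCase));

    static void Main()
    {
        const string clientId = "11111111-2222-3333-4444-555555555555"; // constructed placeholder
        string Make(string aud) => // builds a constructed, unsigned sample token
            B64UrlEncode("{\"alg\":\"none\"}") + "." + B64UrlEncode("{\"aud\":\"" + aud + "\"}") + ".x";
        string forGraph = Make("00000002-0000-0000-c000-000000000000"); // audience quoted in the error
        string forBot = Make(clientId);
        Console.WriteLine("Graph-audience token usable: " + UsableAsAssertion(forGraph, clientId));
        Console.WriteLine("Bot-audience token usable:   " + UsableAsAssertion(forBot, clientId));
    }
}
```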