OAuth problem authenticating Microsoft personal accounts

Time: 2021-02-08 11:01:37

Tags: azure oauth-2.0 azure-active-directory microsoft-graph-api

Hi everyone, I am running into this problem while trying to authenticate a personal Microsoft account via OAuth2. My endpoint URL is configured on common.

The application is configured as multi-tenant.

My manifest is:

{
    "id": "0982f18d-116c-45c0-b1ee-59dd9fa3344b",
    "acceptMappedClaims": null,
    "accessTokenAcceptedVersion": 2,
    "addIns": [],
    "allowPublicClient": null,
    "appId": "002543f2-87b6-43e4-91a3-cfdef655dc7a",
    "appRoles": [],
    "oauth2AllowUrlPathMatching": false,
    "createdDateTime": "2021-02-04T10:09:11Z",
    "disabledByMicrosoftStatus": null,
    "groupMembershipClaims": null,
    "identifierUris": [],
    "informationalUrls": {
        "termsOfService": null,
        "support": null,
        "privacy": null,
        "marketing": null
    },
    "keyCredentials": [],
    "knownClientApplications": [],
    "logoUrl": null,
    "logoutUrl": null,
    "name": "AppBotTipBook",
    "oauth2AllowIdTokenImplicitFlow": false,
    "oauth2AllowImplicitFlow": false,
    "oauth2Permissions": [],
    "oauth2RequirePostResponse": false,
    "optionalClaims": null,
    "orgRestrictions": [],
    "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [
        {
            "customKeyIdentifier": null,
            "endDate": "2299-12-30T23:00:00Z",
            "keyId": "86c3141b-02ac-4d47-9ecf-0cabb8ba2fc4",
            "startDate": "2021-02-04T10:10:43.464Z",
            "value": null,
            "createdOn": "2021-02-04T10:10:44.3986206Z",
            "hint": "_3D",
            "displayName": "botlogin"
        }
    ],
    "preAuthorizedApplications": [],
    "publisherDomain": "unisalerno.onmicrosoft.com",
    "replyUrlsWithType": [
        {
            "url": "https://token.botframework.com/.auth/web/redirect",
            "type": "Web"
        }
    ],
    "requiredResourceAccess": [
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                {
                    "id": "570282fd-fa5c-430d-a7fd-fc8dc98a9dca",
                    "type": "Scope"
                },
                {
                    "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
                    "type": "Scope"
                },
                {
                    "id": "b340eb25-3456-403f-be2f-af7a0d370277",
                    "type": "Scope"
                },
                {
                    "id": "e383f46e-2787-4529-855e-0e479a3ffac0",
                    "type": "Scope"
                },
                {
                    "id": "37f7f235-527c-4136-accd-4a02d197296e",
                    "type": "Scope"
                },
                {
                    "id": "14dad69e-099b-42c9-810b-d002981feec1",
                    "type": "Scope"
                }
            ]
        }
    ],
    "samlMetadataUrl": null,
    "signInUrl": null,
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null
}

But when I try to sign in with a hotmail account, I get this error: AADSTS50020: User account 'xxxxxxxxx@hotmail.it' from identity provider 'live.com' does not exist in tenant 'University of Salerno' and cannot access the application '002543f2-87b6-43e4-91a3-cfdef655dc7a' (AppBotTipBook) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

How should I solve this problem? Please help me :(

1 answer:

Answer 0: (score: 0)

The settings you mentioned look correct. I will show you the steps I used to sign in with an external user.

1. Create the invited user

2. Register the application

The same Supported account types

and the same signInAudience as yours

3. Add a client secret:

4. Test the application using the auth code flow

① Request the authorization code in the browser and sign in with the external user account.

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id={}
&response_type=code
&redirect_uri=https://myapp
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345

② Request the access token

POST https://login.microsoftonline.com/common/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={}
&scope=https://graph.microsoft.com/.default
&code={code from previous step}
&redirect_uri=https://myapp
&grant_type=authorization_code
&client_secret={}

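The two-step auth code flow from the answer, as an added example that is not part of the original post: it builds the /common authorize URL, checks the returned state before accepting a code (rejecting a mismatched state stops a CSRF-style code injection), and prepares the token request. The client ID is a placeholder, the redirect URI https://myapp is the one from the answer, and the error body used for classification is constructed for the example.

```python
"""Authorization-code flow against the /common endpoint, offline edition."""
import json
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"
SCOPE = "https://graph.microsoft.com/.default"


def build_authorize_url(client_id: str, redirect_uri: str, state: str) -> str:
    """Step ①: the browser request. No client_secret belongs here."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": SCOPE,
        "state": state,
    }
    return f"{AUTHORITY}/authorize?{urlencode(params)}"


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Extract the code from the redirect, refusing it if state does not match."""
    q = parse_qs(urlparse(redirect_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response not bound to our request")
    if "error" in q:  # e.g. AADSTS50020 surfaces here for an unknown user
        raise RuntimeError(f"{q['error'][0]}: {q.get('error_description', [''])[0]}")
    return q["code"][0]


def build_token_request(client_id: str, client_secret: str, code: str,
                        redirect_uri: str) -> tuple[str, dict]:
    """Step ②: server-side POST body; the secret only ever appears here."""
    body = {
        "client_id": client_id,
        "scope": SCOPE,
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
        "client_secret": client_secret,
    }
    return f"{AUTHORITY}/token", body


def classify_token_response(body: str) -> str:
    """Map a token endpoint reply to a short status for logging/alerting."""
    data = json.loads(body)
    if "access_token" in data:
        return "ok"
    if data.get("error_description", "").startswith("AADSTS50020"):
        return "external-user-not-in-tenant"
    return data.get("error", "unknown")
```

Send the body from build_token_request with Content-Type application/x-www-form-urlencoded, exactly as the answer shows, and feed the JSON reply to classify_token_response.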