Azure AD B2C中的Access_denied资源所有者密码凭据流 [英] Access_denied resource owner password credentials flow in Azure AD B2C
问题描述
我按照下面的这篇文章,但是我从测试用户流程部分得到了以下错误:
https://docs.microsoft.com / en-gb / azure / active-directory-b2c / configure-ropc
HTTP / 1.1 400错误请求
缓存控制:私人
Content-Type:application / json; charset = utf-8
服务器:Microsoft-IIS / 10.0
x-ms-gateway-requestid:fd437d7a-fd0e-42bf-adcf-0969f5dcf74d
X-Frame-Options:DENY
严格运输安全:max-age = 31536000; includeSubDomains
X-Content-Type-Options:nosniff
X-XSS-Protection:1; mode = block
Set-Cookie:x-ms-cpim-trans =;域= mytenant.b2clogin.com; expires =周二,29-Jan-2019 13:35:09 GMT;路径= /;安全; HttpOnly
日期:2019年1月30日星期三格林威治标准时间13:35:08由于
内容长度:217
{" error":" access_denied"," error_description":" AADB2C90225:请求中提供的用户名或密码无效。\\\\ nnCorrelation ID:9b3c19e2-6084-4bcd-b7d3-aab8d2c34dd9 \ r\\\
Timestamp:2019-01-30 13:35:09Z\r\\\
"}
发送请求:
POST https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth HTTP / 1.1
内容类型:application / x-www-form-urlencoded
主持人:mytenant.b2clogin.com
username = myemail& password = password& grant_type = password& scope = openid myappId offline_access& client_id = myappId& response_type = token + id_token
我是全球管理员,但是我能够创建用户流,注册应用程序等。
$
我正在使用Fiddler发送请求,因此它与WebApp / WebAPI无关。
用户名(例如myname@myfirm.com)和密码正确,用于登录azure portal设置样本。
有什么想法吗?
b
$
**更新**
请注意我使用的用户是我公司活动目录中的用户角色,但用户是与新创建的AD B2C租户关联的活动目录中的全局管理员,位于https://docs.microsoft.com/en-gb/azure/之后active-directory-b2c / tutorial-create-tenant
    
**更新**
请注意我使用的用户在用户中在我公司的活动目录中的角色,但用户是与新创建的AD B2C租户关联的活动目录中的全局管理员,位于https://docs.microsoft.com/en-gb/azure/active-directory-b2c/tutorial之后-create租户
I followed this article below, but I got the error below from Test the user flow section:
https://docs.microsoft.com/en-gb/azure/active-directory-b2c/configure-ropc
HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
x-ms-gateway-requestid: fd437d7a-fd0e-42bf-adcf-0969f5dcf74d
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-cpim-trans=; domain=mytenant.b2clogin.com; expires=Tue, 29-Jan-2019 13:35:09 GMT; path=/; secure; HttpOnly
Date: Wed, 30 Jan 2019 13:35:08 GMT
Content-Length: 217
{"error":"access_denied","error_description":"AADB2C90225: The username or password provided in the request are invalid.\r\nCorrelation ID: 9b3c19e2-6084-4bcd-b7d3-aab8d2c34dd9\r\nTimestamp: 2019-01-30 13:35:09Z\r\n"}
Request sent:
POST https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: mytenant.b2clogin.com
username=myemail&password=password&grant_type=password&scope=openid myappId offline_access&client_id=myappId&response_type=token+id_token
I am a global admin, but I am able to create User flow, Register application etc.
I am using Fiddler to send the request, so it is not related to WebApp/WebAPI.
The user name (e.g. myname@myfirm.com) and password are correct, which is used to login azure portal to setup the sample.
Any idea?
**Update**
Please note the user that I use is in User role in my firm's active directory, but the user is a global admin in the active directory associated with the newly created AD B2C tenant following https://docs.microsoft.com/en-gb/azure/active-directory-b2c/tutorial-create-tenant
**Update**
Please note the user that I use is in User role in my firm's active directory, but the user is a global admin in the active directory associated with the newly created AD B2C tenant following https://docs.microsoft.com/en-gb/azure/active-directory-b2c/tutorial-create-tenant
这篇关于Azure AD B2C中的Access_denied资源所有者密码凭据流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!