Refresh token not returned for Office365 accounts purchased through GoDaddy


Problem description


We have a feature that syncs calendar entries and contacts between our application and Office365, using the Office365 REST APIs outlined here. We are using Version 1 of the API. For authorization we are performing authorization via Azure AD as outlined here.


In the normal case (when using Office365 accounts purchased directly from Microsoft), our system works as expected: we are able to refresh the user's tokens when they expire and are returned a new access and refresh token in exchange.


In the second case, when testing with Office365 accounts purchased via GoDaddy, we encounter a blocking issue that can be outlined in this series of steps:

1. User is sent from our app -> Office365 Login page.
2. User enters email address.
3. User is redirected to GoDaddy Office365 login page.
4. User completes authorization, and is redirected back to our app with an access code in the response.
5. App exchanges access code for an access_token and refresh_token from Office365.
6. Some time goes by, and access_token expires.
7. App refreshes the user's access_token using the refresh_token.


At this point we are expecting to receive a new access_token as well as a new refresh_token, as we do when using a regular Office365 account.


Only for accounts purchased via GoDaddy, we do not receive a new refresh token in the response after refreshing for the first time.


Obviously when intending to have a long-running sync, this is a breaking case as the user will no longer be able to have their tokens refreshed beyond this point.


Postman traces (can save as .json and import to Postman for debugging): https://gist.github.com/drunkel/7ec66ed33f66d0070148694651699d03 (IDs and secrets have been removed)

  • Is this a known issue?
  • Is there a workaround?

Recommended answer


I am a Software Engineer at GoDaddy and can confirm that this issue has been resolved. The reason for more frequent login requests under Modern Authentication is that as these are federated users and as you mentioned in your question, the refresh token was not being returned. This was caused by the StsRefreshTokensValidFrom attribute on the AAD user not being updated properly.
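An added example, not code from the question or the answer: one way a sync client can fold each refresh-grant response into its stored token state, keeping the previous refresh token when the response omits one and flagging the account for interactive sign-in when the token endpoint answers `invalid_grant`. `TokenState`, `apply_refresh_response`, the 3600-second default and the sample responses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class TokenState:
    access_token: str
    refresh_token: str
    expires_at: float
    rotated: bool = True        # False when the last refresh returned no new refresh token
    needs_reauth: bool = False  # True once silent refresh is no longer possible


def apply_refresh_response(state: TokenState, status: int, body: dict, now: float) -> TokenState:
    """Fold one token-endpoint response (refresh_token grant) into the stored state."""
    if status != 200:
        # RFC 6749 section 5.2: invalid_grant means the refresh token is expired,
        # revoked or otherwise unusable, so only an interactive sign-in recovers.
        if body.get("error") == "invalid_grant":
            state.needs_reauth = True
        return state  # other errors: leave state untouched and retry later
    state.access_token = body["access_token"]
    # expires_in may arrive as a string; the 3600 s fallback is an assumption.
    state.expires_at = now + int(body.get("expires_in", 3600))
    new_refresh = body.get("refresh_token")
    if new_refresh:
        state.refresh_token = new_refresh  # rotation: the old token is discarded
        state.rotated = True
    else:
        # The response omitted refresh_token (the behaviour in the question).
        # Keep the previous token instead of overwriting it with None, and
        # record the fact so monitoring can surface affected accounts.
        state.rotated = False
    return state


def run_constructed_sequence() -> TokenState:
    """Replay three constructed responses: rotated, not rotated, rejected."""
    state = TokenState("at0", "rt0", 0.0)
    responses = [
        (200, {"access_token": "at1", "refresh_token": "rt1", "expires_in": "3599"}),
        (200, {"access_token": "at2", "expires_in": "3599"}),
        (400, {"error": "invalid_grant"}),
    ]
    for i, (status, body) in enumerate(responses, start=1):
        state = apply_refresh_response(state, status, body, now=1000.0 * i)
    return state


if __name__ == "__main__":
    print(run_constructed_sequence())
```

Alerting on `rotated == False` per tenant shows which accounts are heading toward a forced sign-in before the sync actually stops.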
