'Invalid Signature' error for Access Token (azure active directory / msal js)
Problem description
I used MSAL JS for authenticating user & thereafter calling acquireTokenPopup(scopes) for Access Token.
I am getting the access token, but cannot use it as it says Invalid Signature. (checked in jwt.io too - same error)
Over the forum I found it is due to Graph adding nonce. What will be the solution? Please help.
Following is the code.
tenantConfig = {
    scopes: ["directory.read.all"]
};

// Try the token cache first; fall back to an interactive popup on failure.
// Arrow functions keep `this` bound to the enclosing component.
this.clientApplication.acquireTokenSilent(this.tenantConfig.scopes).then(
    (accessToken) => {
        // Token obtained silently.
    },
    (error) => {
        console.log(error);
        this.clientApplication
            .acquireTokenPopup(this.tenantConfig.scopes)
            .then(
                (accessToken) => {
                    console.log("access token " + accessToken);
                },
                (error) => {
                    alert(error);
                }
            );
    }
);
Recommended answer
Your scopes parameter should be "[CLIENT_ID]/.default" when using MSAL.js and if you are not using graph api:
var requestObj = {
    scopes: ["[CLIENT_ID]/.default"]
};
If you intend to use the graph api the scopes parameter is different:
var ResourceId = "https://graph.windows.net/";
var scopes = [ResourceId + "Directory.Read", ResourceId + "Directory.Write"];
The example here https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-spa uses graph api and generates a specific token for graph api; change the scopes parameter if you need to generate an access token for other uses.
More information on scopes parameter: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-v1-app-scopes#scopes-to-request-access-to-all-the-permissions-of-a-v10-application
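To tell which of the two cases a given token falls into, the added example below (not part of the original question or answer; it runs under Node.js) decodes the token's header and payload without verifying the signature and reports whether the audience is a Graph API, whose tokens are meant to be validated only by Graph, or your own application. The client ID and both tokens are constructed samples, and `inspectAccessToken` and its verdict strings are hypothetical names.

```javascript
// Added example: decodes a JWT WITHOUT verifying it, only to see who it is for.
// Audience values that mean "this token belongs to a Graph API".
const GRAPH_AUDIENCES = [
  "https://graph.microsoft.com",
  "00000003-0000-0000-c000-000000000000", // Microsoft Graph app ID
  "https://graph.windows.net",
  "00000002-0000-0000-c000-000000000000", // Azure AD Graph app ID
];

// Compare audiences case-insensitively and ignore a trailing slash.
const norm = (s) => String(s).replace(/\/+$/, "").toLowerCase();

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function inspectAccessToken(token, clientId) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  const auds = [].concat(payload.aud ?? []).map(norm);
  const own = [clientId, "api://" + clientId].map(norm);
  let verdict = "other-audience"; // issued for some other resource
  if (auds.some((a) => own.includes(a))) verdict = "validate-here";
  else if (auds.some((a) => GRAPH_AUDIENCES.includes(a))) verdict = "graph-only";
  return { aud: payload.aud, headerNonce: "nonce" in header, verdict };
}

// Constructed sample tokens (dummy signature, made-up client ID).
const CLIENT_ID = "11111111-2222-3333-4444-555555555555";
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fakeJwt = (header, payload) => `${b64url(header)}.${b64url(payload)}.c2ln`;

const graphToken = fakeJwt(
  { typ: "JWT", alg: "RS256", nonce: "constructed-nonce" },
  { aud: "https://graph.microsoft.com", scp: "Directory.Read.All" }
);
const apiToken = fakeJwt(
  { typ: "JWT", alg: "RS256", kid: "constructed-kid" },
  { aud: CLIENT_ID, scp: "user_impersonation" }
);

console.log(inspectAccessToken(graphToken, CLIENT_ID));
console.log(inspectAccessToken(apiToken, CLIENT_ID));
```

A "graph-only" verdict means the token should be passed to Graph as a bearer token and left unvalidated by your own code; a "validate-here" verdict means your API should verify its signature against the tenant's published signing keys before trusting any claim.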