OAuth 2.0和Azure Active Directory-错误AADSTS90009 [英] OAuth 2.0 and Azure Active Directory - error AADSTS90009
问题描述
我正在尝试使用OAuth 2.0和Azure AD授权对我们的Web应用程序的访问.指南此处.
I'm trying to authorize access to our web application by using OAuth 2.0 and Azure AD. Guide here.
用户被重定向到相似的URL:
The user is redirected to similar URL:
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=d220846b-1916-48d2-888b-9e16f6d9848b&
response_type=code&
response_mode=query&
state=[secure-random]&
redirect_uri=[my_uri]&
resource=[my app ID uri taken from app settings]
然后我收到以下错误消息:
I'm getting the following error then:
AADSTS90009:应用程序"d220846b-1916-48d2-888b-9e16f6d9848b"为 为自己请求令牌.仅在以下情况下支持此方案 资源是使用基于GUID的应用程序标识符指定的.
AADSTS90009: Application 'd220846b-1916-48d2-888b-9e16f6d9848b' is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.
This description does not really help me. I've checked this thread, but I'm still lost.
此错误是什么意思,以及哪个是基于GUID的应用程序标识符?资源的价值应该如何?非常感谢.
What does this error mean and which is the GUID based App Identifier? How should the value of the resource look like? Help much appreciated.
推荐答案
此错误表示您在resource参数中提供的字段正在为其本身请求令牌.如果确实要获取client_id中指定的应用程序的令牌,则必须在资源字段而不是应用程序ID URI中传递client_id.届时您将收到自己的访问令牌.
This error is saying that the field you provided in the resource parameter is requesting tokens for itself. In the case you do want to get a token for the app specified in the client_id, then you have to pass the client_id in the resource field rather than the app ID URI. At which point you will receive an access token for self.
或者,您可以提供已注册的Web API的应用程序ID URI或具有范围的其他资源,以获取该资源(Microsoft Graph,Office API等)的令牌.
Alternatively, you can provide an app ID URI of a web API you've registered or another resource with scopes to get tokens for that resource (Microsoft Graph, Office API, etc).
这篇关于OAuth 2.0和Azure Active Directory-错误AADSTS90009的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
