ADAL Mac returns 300 AD_ERROR_CACHE_MULTIPLE_USERS error


Problem description

We are using the ADAL Mac library to authenticate. When using this library we get a 300 error (AD_ERROR_CACHE_MULTIPLE_USERS) with the description: The token cache store for this resource contains more than one user. Please set the 'userId' parameter to the one that will be used.

When does this happen? How should one handle this scenario?

Recommended answer

Background

ADAL has a token cache for all access/refresh tokens on the device. The cache keys on things like the user, resource being requested, etc.

The app can get into a state in which there are multiple tokens in the cache for the same request. While these tokens may represent some different information, the information provided in the token lookup request was ambiguous in some way. Simple example:

hash(userA,B,C) -> token pair 1
hash(userB,B,C) -> token pair 2
hash(userA,F,G) -> token pair 3

Lookup (AcquireTokenSilent)

So now we do an AcquireTokenSilent request (cache lookup). This request doesn't require every pivot of the cache. For example,

AcquireTokenSilent(B, C)

There's ambiguity in this request, it could map to token pair 1 or 2.

So there's two workarounds at this point:

  1. Provide more information in the same request.

You can do a new AcquireTokenSilent request providing some more information that allows ADAL to definitively pick a cache entry. In this case, ADAL needs a userId meaning your app would need to store or lookup this value and pass it in the request. In our example,

AcquireTokenSilent(userA, B, C)

  2. Ignore the cache and start from scratch.

    If you cannot retrieve the userId and have no way to recover, your app can perform an interactive authentication request and ask the end user to enter their credentials. If you have a valid token, this is an adverse experience as your users will need to sign in more than necessary. This would just be a standard AcquireToken request. From our example (there's no user to request,

    AcquireToken(B, C) 
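
The lookup ambiguity and both workarounds from the answer above, as an added Python model that is not part of the original answer and is not ADAL code. All class and function names are hypothetical, and reading B and C as a resource and a client id is an assumption.

```python
# Toy model of the cache described in the answer; not ADAL's implementation.
# All class and function names here are hypothetical.

class MultipleUsersError(Exception):
    """Stands in for error 300, AD_ERROR_CACHE_MULTIPLE_USERS."""
    code = 300


class TokenCache:
    def __init__(self):
        self._entries = {}  # (user_id, resource, client_id) -> token pair

    def store(self, user_id, resource, client_id, token_pair):
        self._entries[(user_id, resource, client_id)] = token_pair

    def acquire_token_silent(self, resource, client_id, user_id=None):
        """Cache-only lookup; user_id is the optional pivot."""
        matches = {
            key[0]: pair
            for key, pair in self._entries.items()
            if key[1:] == (resource, client_id) and user_id in (None, key[0])
        }
        if len(matches) > 1:
            # Several users match: refuse to pick one on the caller's behalf.
            raise MultipleUsersError(f"ambiguous between {sorted(matches)}")
        return next(iter(matches.values()), None)  # None means cache miss


def get_token(cache, resource, client_id, remembered_user=None, interactive=None):
    """Apply the two workarounds in order: add userId, else sign in again."""
    try:
        token = cache.acquire_token_silent(resource, client_id)
    except MultipleUsersError:
        token = None
        if remembered_user is not None:
            token = cache.acquire_token_silent(resource, client_id, remembered_user)
    if token is None and interactive is not None:
        # interactive() models AcquireToken: prompts, returns (user_id, pair).
        user_id, token = interactive(resource, client_id)
        cache.store(user_id, resource, client_id, token)
    return token


def build_example_cache():
    """Constructed sample data: the three entries from the answer."""
    cache = TokenCache()
    cache.store("userA", "B", "C", "token pair 1")
    cache.store("userB", "B", "C", "token pair 2")
    cache.store("userA", "F", "G", "token pair 3")
    return cache
```

In this model the app persists the signed-in user's id itself and passes it as `remembered_user`, which is the first workaround; the `interactive` callback is only reached when no id is available.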
    
