什么是使用PublicClientApplication,Web或SPA的正确平台? [英] What is correct platform for using the PublicClientApplication, Web or SPA?
问题描述
我正在使用
然后我得到
AADSTS9002325:代码交换证明密钥是必需的跨域授权码的兑换.
当我使用 Web
时:
我得到:
" xxx:请求正文必须包含以下参数:"client_assertion"或'client_secret'.\ r \ n跟踪ID:xxx \ r \ n相关ID:xxx \ r \ n时间戳:2021-03-0309:59:07Z-相关ID:xxx-跟踪ID:xxx"
也许我听不懂什么,但是我只需要一个平台,对吗?
我也测试了两者是否都启用,但是遇到了与上面相同的问题.我的Azure门户越野车可能是吗?因为除了删除和添加平台外,我什么都没做.
并确保将设置允许公共客户端流
设置为是
.
好,我从 PublicClientApplication
切换到 ConfidentialClientApplication
,并添加了 clientSecret
到配置:
const publicClientConfig = {身份验证:{clientId:"xxx",授权:"https://login.microsoftonline.com/common",redirectUri:"http://localhost:3000/redirect",clientSecret:"xxx";},缓存:{cachePlugin},};
然后在Azure中删除了 SPA
平台,并添加了一个新的 Web
平台:
现在可以正常工作了.
因此,示例静音流已过时.此处.
I was using the silent-flow example and everything worked out fine. But then I saw that I have created 2 (Web & SPA) platforms. So I decided to do a cleanup. As I thought I just use the Web
platform, I just deleted the SPA
. But then the trouble came as I'm now getting always an error when trying to login.
So this is the current state when I have only one platform enabled.
When using SPA
:
then I get
AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption.
And when I use Web
:
I get:
"xxx: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: xxx\r\nCorrelation ID: xxx\r\nTimestamp: 2021-03-03 09:59:07Z - Correlation ID: xxx - Trace ID: xxx"
Maybe I do not understand something, but I only need one platform, correct?
I also tested with both enabled but getting the same issue you see above. Is my Azure Portal buggy maybe? Because I did not change anything except removing and adding platforms.
And for sure the setting Allow public client flows
is set to Yes
.
Ok, I switched from PublicClientApplication
to ConfidentialClientApplication
and added the clientSecret
to the config:
const publicClientConfig = {
auth: {
clientId: "xxx",
authority: "https://login.microsoftonline.com/common",
redirectUri: "http://localhost:3000/redirect",
clientSecret: "xxx"
},
cache: {
cachePlugin
},
};
Then removed the SPA
platform in Azure and added a fresh Web
platform:
Now works without any issues again.
So the example silent-flow is outdated. Already mentioned it here.
这篇关于什么是使用PublicClientApplication,Web或SPA的正确平台?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!