Azure的AD的OAuth2访问令牌请求错误 - 400错误的请求 [英] Azure AD OAuth2 Access Token Request Error - 400 Bad Request

问题描述

我的WPF的桌面应用程序（C＃）正试图通过微软图形API来读取用户的Outlook电子邮件。我被困在认证过程;我已经收到认证码，现在我想发送的的访问令牌的请求时，获得来自Azure的访问令牌但要得到一个HTTP 400错误代码的：

  / ****授权码检索**** / 
串authCodeUrl =htt​​ps://login.microsoftonline.com /普通/的oauth2 /授权; 
 authCodeUrl + =？CLIENT_ID=的clientId; 
 authCodeUrl + =&放大器; REDIRECT_URI =+ redirectUri; 
 authCodeUrl + =&放大器; RESPONSE_TYPE =码; 
 authCodeUrl + =与&资源= HTTPS％3A％2F％2Fgraph.microsoft.com％2F; 
的Process.Start（authUrl）; //用户登录时，我们得到登录后
串代码的授权码=......; //隐藏此帖
 
 / ****访问令牌检索**** / 
串tokenUrl =htt​​ps://login.microsoftonline.com/common/oauth2/token 
字符串内容=grant_type = authorization_code; 
 +内容=&放大器; CLIENT_ID =+的clientId; 
含量+ =与&资源= HTTPS％3A％2F％2Fgraph.microsoft.com％2F; 
 +内容=&放大器;代码=+代码; 
 +内容=&放大器; REDIRECT_URI =+ redirectUri; 
的WebRequest请求= WebRequest.Create（tokenUrl）; 
 request.ContentType =应用/的X WWW的形式，进行了urlencoded 
字节[]数据= Encoding.UTF8.GetBytes（内容）; 
 request.ContentLength = data.Length; 
 request.Method =POST; 
试
 {
使用（流流= request.GetRequestStream（））
 {
 stream.Write（数据，0，data.Length）; 
} 
 WebResponse的响应= request.GetResponse（）; //这个抛出异常
} 
赶上（例外错误）//这个捕捉异常
 {
 Console.WriteLine（返回Error.message）; //输出400错误的请求
} 
  

以上是用于检索代码随后尝试检索访问令牌授权码。我们没有一个client_secret因为秘密是只针对Web应用程序，这是一个本地桌面WPF应用程序。我已阅读，这不是一个问题，但。我按照很多教程和官方在线文档，主要官方图授权的文档我还是想不出什么我做错了。任何帮助将不胜感激，谢谢

解决方案

我用的：//www.telerik。 COM /提琴手相对=nofollow称号=提琴手>小提琴手调试的要求，我发现完整的错误消息：用户或管理员尚未同意使用该应用程序的。我GOOGLE了这条消息了一下，发现了一些堆栈的文章和GitHub的问题线程导致我的解决办法：当实际我需要用我的Azure租户我的要求一直在使用常用，在基础URL，如租户ID我通过这个答案堆栈 ID。我对身份验证请求新基地的URL现在看起来像：

  https://login.microsoftonline.com/xxxxxxxx-xxxx- XXXX-XXXX-XXXXXXXXXXXX /的oauth2 /授权
  

其中xxxx -.... XXX将是您的Azure租户ID更换！

My WPF desktop application (C#) is attempting to read the user's Outlook emails through the Microsoft Graph API. I am stuck in the authentication process; I've already received an authentication code and now I'm trying to get an access token from Azure but keep getting a HTTP 400 error code when sending out the request for the access token:

/**** Auth Code Retrieval ****/
string authCodeUrl = "https://login.microsoftonline.com/common/oauth2/authorize";
authCodeUrl += "?client_id" = clientId;
authCodeUrl += "&redirect_uri=" + redirectUri;
authCodeUrl += "&response_type=code";
authCodeUrl += "&resource=https%3A%2F%2Fgraph.microsoft.com%2F";
Process.start(authUrl); // User logs in, we get the auth code after login
string code = "......"; // Hidden for this post

/**** Access Token Retrieval ****/
string tokenUrl = "https://login.microsoftonline.com/common/oauth2/token"
string content = "grant_type=authorization_code";
content += "&client_id=" + clientId;
content += "&resource=https%3A%2F%2Fgraph.microsoft.com%2F";
content += "&code=" + code;
content += "&redirect_uri=" + redirectUri;
WebRequest request = WebRequest.Create(tokenUrl);
request.ContentType = "application/x-www-form-urlencoded";
byte[] data = Encoding.UTF8.GetBytes(content);
request.ContentLength = data.Length;
request.Method = "POST";
try 
{
  using (Stream stream = request.GetRequestStream())
  {
    stream.Write(data, 0, data.Length);
  }
  WebResponse response = request.GetResponse(); // This throws exception
}
catch (Exception error) // This catches the exception
{
  Console.WriteLine(error.Message); // Outputs 400, bad request
}

The above is the code used to retrieve the auth code followed by the attempt to retrieve the access token. We do not have a client_secret because secrets are only for Web applications and this is a native desktop WPF application. I have read that this isn't an issue though. I have followed many tutorials and official docs online, mainly the official Graph authorization doc and I still cannot figure out what I am doing wrong. Any help would be greatly appreciated, thank you.

解决方案

I used fiddler to debug the request and I found the full error message: The user or administrator has not consented to use the application. I googled this message for a bit and found some stack articles and github issue threads that lead me to the solution: my request had been using "common", in the base URL, as the tenant ID when actually I needed to use my Azure tenant ID which I acquired through this answer on stack. My new base URL for the authentication requests now looks like:

https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize 

where "xxxx-....xxx" would be replaced by your Azure tenant id!

这篇关于Azure的AD的OAuth2访问令牌请求错误 - 400错误的请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！