我无法获取访问令牌以使用azure ad API来获取用户组:发出令牌时出错。 [英] I failed to get access token to use azure ad API to get user groups: There was an error issuing a token.
问题描述
我正在尝试获取用户组,我实施了saml但它没有返回给我用户组。
我有:
Azure广告目录:
目录ID = {目录ID}
使用saml身份验证的企业应用程序:
申请ID = {enterprize app id}
应用程序中的应用程序dot dev dot microsoft dot com /
申请ID = {app id}
客户秘密= {秘密}
$
$
https登录点microsoftonline dot com / {目录id} / oauth2 / authorize?client_id = {enterprize app id}& response_type = code& redirect_uri = {uri}& prompt = admin_consent
$
POST https login dot microsoftonline dot com / {directory id} f / oauth2 / v2 .0 /令牌
发布字段:
grant_type = authorization_code
client_id = {enterprize app id}
范围= https graph dot microsoft dot com / v1.0 / me / memberOf
c ode =上一次请求的代码
redirect_uri = {enterpise app redirect uri}
回复:
$
AADSTS50000:发出令牌时出错。
当我尝试使用{app id}和客户机密时,我得到:
https dot login dot microsoftonlinedot com / {directory id} / oauth2 / authorize?client_id = {app id}& response_type = code& redirect_uri = {uri}& prompt = admin_consent
POST https登录点microsoftonline dot com / {目录id} f / oauth2 / v2.0 / token
发布字段:
grant_type = authorization_code
client_id = {app id}
scope = https graph dot microsoft dot com / v1.0 / me / memberOf
code =来自先前请求的代码
redirect_uri = {app redirect uri}
client_secret = {secret}
得到了相同的错误:
$
发出令牌时发生错误。
我不认为你在路过正确的处理令牌端点,你需要传递范围如下 - 对于默认范围传递
scope = https %3A%2F%2Fgraph.microsoft.com%2F 。默认
( https://graph.microsoft.com/.default)
或者你知道范围你可以这样传递 -
范围= HTTPS%3A%2F%2Fgraph.microsoft.com%2Fuser.read
I am trying to get user groups, I implement saml but it not return me the user groups.
I have:
Azure Ad directory:
Directory id = {directory id}
Enterprise application with saml authentication that works:
Application id = {enterprize app id}
Application in apps dot dev dot microsoft dot com/
Application id = {app id}
Client secret ={secret}
https login dot microsoftonline dot com/{directory id}/oauth2/authorize?client_id={enterprize app id}&response_type=code&redirect_uri={uri}&prompt=admin_consent
POST https login dot microsoftonline dot com/{directory id}f/oauth2/v2.0/token
Post fields:
grant_type=authorization_code
client_id={enterprize app id}
scope=https graph dot microsoft dot com/v1.0/me/memberOf
code=code from previous request
redirect_uri={enterpise app redirect uri}
Response:
AADSTS50000: There was an error issuing a token.
When I try with the {app id} and Client secret I get:
https dot login dot microsoftonlinedot com/{directory id}/oauth2/authorize?client_id={app id}&response_type=code&redirect_uri={uri}&prompt=admin_consent
POST https login dot microsoftonline dot com/{directory id}f/oauth2/v2.0/token
Post fields:
grant_type=authorization_code
client_id={app id}
scope=https graph dot microsoft dot com/v1.0/me/memberOf
code=code from previous request
redirect_uri={app redirect uri}
client_secret={secret}
Got the same error:
There was an error issuing a token.
I do not think you are passing the correct scope to token endpoint and you need to pass the scope like below - For default scope pass
scope=https%3A%2F%2Fgraph.microsoft.com%2F.default (https://graph.microsoft.com/.default)
or if you know scopes you can pass like this -
scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
这篇关于我无法获取访问令牌以使用azure ad API来获取用户组:发出令牌时出错。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!