认证令牌错误 [英] Authentification token error

问题描述

我会通过javasscript(Angular)验证AD的天蓝色

当我尝试登录时我的配置文件出现此错误

 AADSTS50000:发行令牌时出错.

我已经按照官方git  sample中提到的配置了我的应用程序:https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular/samples/MSALAngularDemoApp/src /app

 MsalModule.forRoot({
      clientID:租户ID"，
      授权:"https://login.microsoftonline.com/ocircle.onmicrosoft.com/"，
      redirectUri:"http://localhost:4200/"，
      validateAuthority:是的，
      cacheLocation:"localStorage"，
      postLogoutRedirectUri:"http://localhost:4200/"，
      navigationToLoginRequestUrl:true，
      popUp:是的，
      同意范围:["user.read"，"api://AppID/access_as_user"]，
      unprotected资源:["https://angularjs.org/"]，
      relatedId:"1234"，
      piiLoggingEnabled:是
    })

我已在te app dev portail中创建了我的应用程序，并更改了应用清​​单.自责"oauth2AllowIdTokenImplicitFlow":是.

我无法获得有关此错误或如何解决该错误的更多信息. 'Lucida Grande'，Verdana，Arial，Helvetica，sans-serif;轮廓:0像素；右填充:0像素；颜色:#333333；字体大小:14像素> 1.当令牌实际到达您的应用程序但被拒绝时，将发生错误AADSTS50000.在IssuerNameRegistry配置部分.您需要添加用于对令牌进行签名的证书的指纹(请参见ACS门户).

2.如果将AD同步到多个国家/地区，也会发生这种情况.在这种情况下，将广告同步到所有国家/地区可能需要5天，直到此时您可能会收到此错误.

另请参见此 Github问题.

I would authentificate to azure AD in javasscript ( Angular )

When I try log in  with my profil I get this error

AADSTS50000: There was an error issuing a token.

I have configured my app as the mentionned in the official git sample :https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular/samples/MSALAngularDemoApp/src/app

    MsalModule.forRoot({
      clientID: "Tenant ID",
      authority: "https://login.microsoftonline.com/ocircle.onmicrosoft.com/",
      redirectUri: "http://localhost:4200/",
      validateAuthority : true,
      cacheLocation : "localStorage",
      postLogoutRedirectUri: "http://localhost:4200/",
      navigateToLoginRequestUrl : true,
      popUp: true,
      consentScopes: ["user.read", "api://AppID/access_as_user"],
      unprotectedResources: ["https://angularjs.org/"],
      correlationId: '1234',
      piiLoggingEnabled: true
    }),

I have created my application in te app dev portail and changed the app manifest  autorisation  "oauth2AllowIdTokenImplicitFlow": true.

I can't get more informations about this error or how to solve it

解决方案

1. The error AADSTS50000 occurs when the token actually arrived at your application but was rejected. In the IssuerNameRegistry config section. You need to add the thumbprint of the certificate that is used to sign the token (see the ACS portal).

https://docs.microsoft.com/en-us/previous-versions/azure/azure-services/gg185949(v=azure.100)

2. This can also happen if you are syncing AD to multiple countries. In that case it can take five days to sync AD to all countries and you may receive this error up until that point. 

3. Another option is that your profile is not a user on the tenant under which the application is registered and has not been granted access. Make your user a global administrator and try again. 

See also this Github issue.

这篇关于认证令牌错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！