InvalidAuthenticationToken-CompactToken解析失败，错误代码:-2147184105 [英] InvalidAuthenticationToken - CompactToken parsing failed with error code: -2147184105

问题描述

我正在使用V1以便从Microsoft REST API获得令牌. (我们有Office 365租户，我曾经成功地成功获取所有资源，但没有任何问题.

I am using V1 in order to have a token from Microsoft REST API. (We have Office 365 tenant and I used to successfully get all resources without any problem but not anymore.

clientId =8a67......de4b6
clientSecret =J58k8....5EU=
redirectUri =http://example.com...
resourceUrl =https://graph.microsoft.com
authority = https://login.microsoftonline.com/f02633....a603/oauth2/token

https://login.microsoftonline.com/f0263...0be3/oauth2/authorize?client_id=8a6..b6&redirect_uri=http://example.com&response_type=code&scope=mail.read

它给了我一个令牌，其结构为遵循 /jwt.io/"rel =" nofollow noreferrer> JWT .它说签名无效，但不确定出什么问题.

It gave me a token structured as follows on JWT. It says invalid signature but not sure what is wrong.

有了令牌后，我尝试了以下curl调用

Once I have the token, I tried the following curl call

curl -i https://graph.microsoft.com/v1.0/me/messages -H 'Content-Type: application/x-www-form-urlencoded' -H 'Authorization: Barer eyJ.[TOKEN]...UNa6nfw'

我收到以下错误，而不是消息:

Instead of the messages, I received the following error:

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8Cl23
Server: Microsoft-IIS/8.5
request-id: af2390b1-a9b...5ab9
client-request-id: af2390,....a615ab9
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US","Slice":"SliceA","ScaleUnit":"000","Host":"AGSFE_IN_4","ADSiteName":"WST"}}
X-Powered-By: ASP.NET
Date: Thu, 19 Jan 2017 23:55:43 GMT
Content-Length: 268

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "CompactToken parsing failed with error code: -2147184105",
    "innerError": {
      "request-id": "af2390b1-...5ab9",
      "date": "2017-01-19T23:55:44"
    }
  }
} 

我在SO上看过类似的问题，但找不到任何解决方案.

I looked at similar questions on SO but couldn't find any solution.

推荐答案

首先，authorization标头的 Barer 是一个错字.正确的参数应类似于authorization: bearer {access_token}.

First, the Barer of authorization header is a typo. The correct parameter should be like authorization: bearer {access_token}.

第二，似乎您正在使用Azure V1.0终结点和V2.0终结点进行混合.如果您正在使用V1.0终结点开发哪些应用程序遭到Azure门户拒绝，则当我们获取访问令牌时，我们需要指定 resource 参数而不是 scope .

Second, it seems that you were mixing using the Azure V1.0 endpoint and V2.0 endpoint. If you were developing with V1.0 endpoint which apps were resisted from Azure portals, when we acquire the access token we need to specify the resource parameter instead of scope.

作用域参数用于Azure V2.0终结点，该应用程序被此处拒绝.

The scope parameter is used for Azure V2.0 endpoint which apps are resisted from here.

Azure AD的授权终结点如下:

And the authorization endpoint for Azure AD likes below:

V1.0:

https://login.microsoftonline.com/{tenant}/oauth2/authorize

V2.0:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?

有关Azure AD的代码授予流程的更多详细信息，您可以参考下面的链接:

More detail about the code grant flow with Azure AD, you can refer links below:

授权访问网络使用OAuth 2.0和Azure Active Directory的应用程序

v2. 0协议-OAuth 2.0授权代码流

这篇关于InvalidAuthenticationToken-CompactToken解析失败，错误代码:-2147184105的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！