Microsoft Graph API访问令牌验证失败 [英] Microsoft Graph API access token validation failure

问题描述

我使用此URL来获取id_token:

I use this URL to get id_token:

https://login.microsoftonline.com/common/oauth2/authorize?
response_type=id_token%20code&
client_id=MY_CLIENT_GUID_ID_IN_HERE&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fopenid%2Freturn&nonce=alfaYYCTxBK8oypM&
state=6DnAi0%2FICAWaH14e

这样的返回结果

http://localhost:3000/auth/openid/return?
code=AAA_code_in_here&
id_token=eyJ0eXAi_xxxx_yyyy_in_here&
state=6DnAi0%2FICAWaH14e&
session_state=xxxx_guid_xxxxx

然后使用 id_token 查询Graph(使用POST man)

and then i use the id_token to query Graph (use POST man)

我看到了此帖子 InvalidAuthenticationToken和CompactToken问题-Microsoft使用PHP Curl绘制图形，但没有任何意义.

i have see this post InvalidAuthenticationToken and CompactToken issues - Microsoft Graph using PHP Curl but make no sense.

推荐答案

OATH 2.0需要多个步骤.第一个请求返回一个OAUTH代码.下一步是将OATUH代码转换为Bearer令牌.这是您在这里缺少的步骤.

OATH 2.0 requires multiple steps. The first request returns an OAUTH Code. The next step is converting that OATUH code into a Bearer Token. This is the step you are missing here.

我还建议您使用很多 v2端点更容易使用(尤其是使用Graph).我写了一个 v2终结点入门，它对整个过程进行了介绍，也可能会有所帮助.

I would also recommend using the v2 Endpoint which is a lot easier to work with (particularly with Graph). I wrote a v2 Endpoint Primer that walks through the process and may be helpful as well.

这篇关于Microsoft Graph API访问令牌验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！