"Missing grant-type parameter" in Auth0 Delegation endpoint call


Problem description

I'm trying to call (POST) the Auth0 delegation endpoint from Postman with the following request, as suggested by Auth0:

Content-Type: 'application/json'

{
  "client_id":   "{CLIENT_ID}",
  "grant_type":  "urn:ietf:params:oauth:grant-type:jwt-bearer",
  "id_token":    "{YOUR_ID_TOKEN}",
  "target":      "lwTL1rYVfC0KsBUFPeKWY3HvGjbIgdDM",
  "api_type":    "salesforce_api",
  "scope":       "openid"
}

I'm getting this error, even though the grant_type parameter is included in the above request:

{
    "error": "invalid_request",
    "error_description": "Missing grant_type parameter"
}

What am I doing wrong here?

Recommended answer

From Auth0's new OIDC Conformant Authentication docs:


Delegation

Given that ID tokens should no longer be used as API tokens and that refresh tokens should be used only at the token endpoint, this endpoint is now considered deprecated.

At the moment there is no OIDC-compliant mechanism to obtain third-party API tokens. In order to facilitate a gradual migration to the new authentication pipeline, delegation can still be used to obtain third-party API tokens. This will be deprecated in future releases.

Also, from Auth0's Using AWS with Tokens docs:


Legacy Grant Types

As of 8 June 2017, new Auth0 customers cannot add any of the legacy grant types to their clients, which are required for use with the Delegation endpoint. Legacy grant types are only available for previous customers while they migrate to new flows, to avoid breaking changes. To find the secure alternative for your case refer to Secure Alternatives to the Legacy Grant Types.

From the Secure Alternatives to the Legacy Grant Types link:


Legacy Grant Type

http://auth0.com/oauth/legacy/grant-type/ro/jwt-bearer




Alternative

This feature is disabled by default. If you would like this feature enabled, please contact support to discuss your use case and prevent the possibility of introducing security vulnerabilities.

More info on legacy grant types can also be found here.

So, the problem you are having is that Delegation has been deprecated. That means the /delegation endpoint, and more importantly the jwt-bearer grant type, have been deprecated. If you are a new customer, you are out of luck. If you are an existing customer you need to contact support to get it enabled.

As to why Postman returns the cryptic "Missing grant_type parameter" error as opposed to the much better "Grant type 'http://auth0.com/oauth/legacy/grant-type/delegation/id_token not allowed for the client." error you get with other browser extension based REST Clients, your guess is as good as mine.
