为什么“获取用户访问"令牌会引发invalid_grant错误? [英] Why does Get User Access token throws invalid_grant error?

问题描述

我正在使用 Microsoft Graph Postman Collections 从内部测试常见的Microsoft Graph API邮差.但是，我在尝试获取用户访问令牌

I am using Microsoft Graph Postman Collections to test common Microsoft Graph APIs from within Postman. However, I am stuck while trying to fetch user access token

以下是请求

POST /7c69806f-5754-488f-9dd8-7daa8afea4fd/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
SdkVersion: postman-graph/v1.0
cache-control: no-cache
Postman-Token: ac512133-5afe-47a3-ae9b-3b6c0b510ebd
grant_type=passwordclient_id=ebbe4872-5b7187-de6d6ddf7301client_secret=g99p8DWoxdUPY-%3F%40%5Bv7kt2g4BMxGscope=https%3A%2F%2Fgraph.microsoft.com%2F.defaultuserName=rohitdhamijagmail.onmicrosoft.compassword=Zcost%4080

在尝试获取用户访问令牌" POST API时，出现以下错误:

On trying "Fetch user access token" POST API, I get following error:

{
    "error": "invalid_grant",
    "error_description": "AADSTS50034: The user account rohitdhamijagmail.onmicrosoft.com does not exist in the 7c69806f-5754-488f-9dd8-7daa8afea4fd directory. To sign into this application, the account must be added to the directory.\r\nTrace ID: c0e97dd8-053d-4c99-81e4-354d7ae7d500\r\nCorrelation ID: 7e67450e-3054-48bc-b808-2f6277093dac\r\nTimestamp: 2020-03-03 09:38:09Z",
    "error_codes": [
        50034
    ],
    "timestamp": "2020-03-03 09:38:09Z",
    "trace_id": "c0e97dd8-053d-4c99-81e4-354d7ae7d500",
    "correlation_id": "7e67450e-3054-48bc-b808-2f6277093dac",
    "error_uri": "https://login.microsoftonline.com/error?code=50034"
}

该用户帐户确实显示在Azure中的我的租户下，下面是附加的图像

The user account does show under my tenant in Azure , below is the image attached

可能是什么问题? 注意:由于我可以使用其他API(例如获取用户信息"等)，因此我已经正确配置了全局环境.

What can be the issue? Note: I have configured the global environments properly, since I am able to use other API's like Get User info etc.

推荐答案

您的请求应像这样.

https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/v2.0/token

client_id:b603c7be_Client_id_e61f925
scope:https://graph.microsoft.com/.default
client_secret:NpmwO/KDJ_client_secret:NpmwO_W0kWf1SbnL
username:tenentUser.onmicrosoft.com
password:YourUserPassword
grant_type:password

查看屏幕截图:

我正在按预期方式获得令牌

I am getting token as expected

Step: 1

Step: 2

Step: 3

Note:

1. 确保您的用户属于您租户上的azure门户
2. 您的客户ID属于该租户
3. 应用程序密码有效或未过期.

1. Make sure your user belong to azure portal on your tenant
2. Your Client Id belongs to that tenant
3. Application secret is valid or not expired.

Update: How to get Tenant Id

有关更多信息，您可以参考官方文档

For more information you could refer Official document

希望会有所帮助.

这篇关于为什么“获取用户访问"令牌会引发invalid_grant错误?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！