如何在Azure AD for MS图形API中为Grant_type密码生成access_token [英] How to generate access_token for grant_type password in Azure AD for MS graph api

问题描述

如何在用于MS图形api的Azure AD中为Grant_type密码生成access_token

我已经使用了这两个链接来生成access_token密码grant_type

1. 在向下面的卷曲操作提供正确的凭据后便能够获取令牌

     curl -X POST -d"client_id = clientid& scope = user.read& grant_type = password& username =用户名& password = password& resource = https://graph.microsoft.com"https://login.microsoftonline.com/tenantid/oauth2/token 

   注意:Microsoft建议您不要使用ROPC流.多数情况场景中，建议使用更安全的替代方法.此流程需要对应用程序的高度信任，并且承担其他流程中不存在的风险.你只应该无法使用其他更安全的流时使用此流.

   How to generate access_token for grant_type password in Azure AD for MS graph api

   I have use followed these two links to generate access_token password grant_type

   1. https://dzone.com/articles/getting-access-token-for-microsoft-graph-using-oau-2?preview=true
   2. https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc?tabs=app-reg-ga

   used below curl request

   curl --location --request POST 'https://login.microsoftonline.com/910f-90d18b56a170/oauth2/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=4b5d-bde6-0b1a09b84a5f' --data-urlencode 'client_secret=q4720z4z_6N8CU-c7qEwx2a' --data-urlencode 'grant_type=password' --data-urlencode 'username=xxxx@yyyy.onmicrosoft.com' --data-urlencode 'password=xxxxxxx' --data-urlencode 'resource=https://graph.microsoft.com' --data-urlencode 'scope=openid'
   
   
   

   Below is the response

   {
       "error": "invalid_grant",
       "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: 21fdd138-0bc6-49bd-8852-c7a6a3a1e600\r\nCorrelation ID: a1010714-38f6-4926-a135-568adcdada26\r\nTimestamp: 2020-12-15 16:44:37Z",
       "error_codes": [
           50126
       ],
       "timestamp": "2020-12-15 16:44:37Z",
       "trace_id": "21fdd138-0bc6-49bd-8852-c7a6a3a1e600",
       "correlation_id": "a1010714-38f6-4926-a135-568adcdada26",
       "error_uri": "https://login.microsoftonline.com/error?code=50126"
   }
   
   

   I don't know why response suggests that my credentials are in-valid even-though i'm passing right creds.

   Could somebody help over here.

   Thanks & regards

   解决方案

   Facing the same issue when I run the below query with wrong credentials

   After providing the right credentials to below curl operations able to get token

     curl -X POST -d "client_id=clientid&scope=user.read&grant_type=password&username=username &password=password&resource=https://graph.microsoft.com " https://login.microsoftonline.com/tenantid/oauth2/token
   

   Note :Microsoft recommends you do not use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.

   这篇关于如何在Azure AD for MS图形API中为Grant_type密码生成access_token的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！