Azure AD应用程序需要花时间才能激活? [英] Azure AD application takes time to activate?
问题描述
- 我正在使用Microsoft graph API在Azure租户中创建一个应用程序.同时,我还为应用程序上传了自签名证书/客户端机密.
- OAuth客户端可以通过提供用户断言来请求访问令牌.用户声明是自签名的x509证书.
当尝试使用用户断言获取访问令牌时,我观察到不同的行为:
I am observing different behaviors when trying to get access token using user assertion:
-
在尝试注册7-8小时后尝试获取应用程序的访问令牌时,我能够成功获取访问令牌.
When tried to get access token for an application after 7-8 hrs of registration process, I am able to successfully get the access token.
当试图获取立即注册的应用程序的访问令牌时,它失败并显示"Invalid_client".错误.
When tried to get access token for an immediately registered application, it fails with following "Invalid_client" error.
我在使用客户机密或自签名证书时观察到相同的行为.没有与此相关的Microsoft文档.
I am observing same behavior with client secret or self signed certificate. No Microsoft documentation is available around this.
有人可以帮我吗?附加错误屏幕截图.
Could anyone help me with the same? Attaching the error screenshot.
推荐答案
客户端机密和自签名证书生效会有一定的延迟,这是正常的.
There is some delay for the client secret and self-signed certificate to take effect, it is normal.
特定的延迟时间取决于特定的租户,在这里假设是大租户和小租户.大租户有许多目录对象,例如用户,应用程序等,小型租户只有几个对象.
The specific delay time depends on the specific tenant, let's say big tenant and small tenant here. The big tenant has many directory objects, e.g. users, applications, etc, and the small tenant just has several objects.
通过我的测试,大租户的延迟时间比小租户的时间长得多,租户越大,时间就越长,从几分钟到几小时.
Pey my test, the delay time of the big tenant is much longer than the time of the small tenant, the bigger the tenant, the longer the time, from several minutes to several hours.
因此,在您的情况下,我想您的租户应该属于大租户,您也可以自己在小租户中对其进行测试,您会发现客户机密,并且自签名证书将很快生效.
So in your case, I suppose your tenant should belong to the big tenant, you can also test it in a small tenant by yourself, you will find the client secret and self-signed certificate will take effect soon.
这篇关于Azure AD应用程序需要花时间才能激活?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
