登录时显示“您的密码不正确"的Azure B2C示例自定义策略 [英] Azure B2C Sample Custom Policy, When SignIng In Shows 'Your password is incorrect'
问题描述
我在这里遵循了入门"工作流程: https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-get-started-custom
I have followed the Getting Started workflow here: https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-get-started-custom
我从头开始进行了两次,并且两次尝试使用登录&注册自定义策略提示我您的密码不正确".如何正确验证?
I followed it from scratch, twice, and have both times when trying to sign in with the sign-in & sign-up custom policy I am prompted with 'Your password is incorrect'. How can I properly authenticate?
有效的东西:
- 注册后,用户旅程完成,并将用户添加到目录中
- 使用我可以登录并注册的内置策略
- 使用内置策略,我可以与使用自定义策略进行注册的用户登录
使用Application Insights,我可以看到以下错误.(有些卫生)
Using Application Insights I can see the following errors. (some sanitation applied)
"ValidationRequest":{
"ContentType":"Unspecified",
"Created":"2017-10-06T17:19:34.3995426Z",
"Key":"ValidationRequest",
"Persistent":true,
"Value":"client_id=55555555-5555-5555-5555-555555555555&resource=cccccccc-cccc-cccc-cccc-cccccccccccc&username=MYUSERNAME&password=PASSWORDIENTEREDONSCREEN&grant_type=password&scope=openid&nca=1;1;login-NonInteractive;False"
},
"ValidationResponse":{
"ContentType":"Json",
"Created":"2017-10-06T17:19:34.3995426Z",
"Key":"ValidationResponse",
"Persistent":true,
"Value":"{\"error\":\"invalid_client\",\"error_description\":\"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\\r\\nTrace ID: 55555555-cccc-cccc-cccc-555555555555\\r\\nCorrelation ID: 77777777-7777-7777-7777-777777777777\\r\\nTimestamp: 2017-10-06 17:19:33Z\",\"error_codes\":[70002],\"timestamp\":\"2017-10-06 17:19:33Z\",\"trace_id\":\"55555555-cccc-cccc-cccc-555555555555\",\"correlation_id\":\"77777777-7777-7777-7777-777777777777\"};1;login-NonInteractive;False"
},
重要的一点似乎是:
"AADSTS70002:请求正文必须包含以下参数:'client_secret或client_assertion"
"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion"
后来也说:
引发了类型为'Web.TPEngine.Providers.BadArgumentRetryNeededException'的异常."
"Exception of type 'Web.TPEngine.Providers.BadArgumentRetryNeededException' was thrown."
我已经仔细检查了一些内容:
Some things I've double checked:
- 在身份体验框架">策略密钥"中,按照指南中的步骤操作后,我具有以下4个密钥:
- B2C_1A_AdminClientEncryptionKeyContainer
- B2C_1A_FacebookSecret
- B2C_1A_TokenEncryptionKeyContainer
- B2C_1A_TokenSigningKeyContainer
- IdentityExperienceFramework
- ProxyIdentityExperienceFramework
- 我已经点击了这两个应用程序的授予权限".
我们非常感谢您的帮助.谢谢.
Any help is much appreciated. Thank you.
推荐答案
您的 ProxyIdentityExperienceFramework 应用被错误地创建为Web App/API.您需要将其重新创建为本机应用程序.请确保不要忘记将基本策略中的client_ids更新为新的ProxyIdentityExperienceFramework.
Your ProxyIdentityExperienceFramework app was incorrectly created as a Web App/API. You need to recreate it as a Native app. Make sure you don't forget to update the client_ids in your base policy to the new ProxyIdentityExperienceFramework accordingly.
错误 AADSTS70002:请求正文必须包含以下参数:当您尝试使用client_id为已注册为Web App/API的应用程序获取令牌时,发生'client_secret或client_assertion 但未提供所需的client_secret.对于本机应用程序,则不需要client_secret.
The error AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion occurs when you try to obtain a token using a client_id for an application that was registered as a Web App/API but are not providing the required client_secret. In the case of Native app, there is no client_secret required.
登录后,Azure AD B2C的信任框架(执行自定义策略的事物)在内部尝试使用ProxyIdentityExperienceFramework应用程序(本机应用程序)获取IdentityExperienceFramework应用程序(Web API)的令牌.如果您错误地将后者创建为Web App/API,则B2C的策略引擎将无法获取向用户显示您的密码错误错误消息的令牌.
When sign in, Azure AD B2C's trust framework (the thing that executes custom policies) internally attempts to obtain a token for the IdentityExperienceFramework app (Web API) using the ProxyIdentityExperienceFramework app (Native app). If you incorrectly create the latter as a Web App/API, B2C's policy engine will fail to obtain the token which manifests itself as a Your password is incorrect error message to the user.
这篇关于登录时显示“您的密码不正确"的Azure B2C示例自定义策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
