OAuth 2.0 和 Azure Active Directory - 错误 AADSTS90009 [英] OAuth 2.0 and Azure Active Directory - error AADSTS90009
问题描述
我正在尝试使用 OAuth 2.0 和 Azure AD 授权访问我们的 Web 应用程序.指南 此处.
I'm trying to authorize access to our web application by using OAuth 2.0 and Azure AD. Guide here.
用户被重定向到类似的 URL:
The user is redirected to similar URL:
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=d220846b-1916-48d2-888b-9e16f6d9848b&
response_type=code&
response_mode=query&
state=[secure-random]&
redirect_uri=[my_uri]&
resource=[my app ID uri taken from app settings]
然后我收到以下错误:
AADSTS90009:应用程序d220846b-1916-48d2-888b-9e16f6d9848b"是为自己请求令牌.仅在以下情况下才支持此方案资源是使用基于 GUID 的应用标识符指定的.
AADSTS90009: Application 'd220846b-1916-48d2-888b-9e16f6d9848b' is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.
这个描述对我没有帮助.我已经检查过这个 线程,但我还是迷路了.
This description does not really help me. I've checked this thread, but I'm still lost.
这个错误是什么意思,哪个是基于 GUID 的应用标识符?资源的价值应该是什么样的?非常感谢帮助.
What does this error mean and which is the GUID based App Identifier? How should the value of the resource look like? Help much appreciated.
推荐答案
此错误表示您在 resource 参数中提供的字段正在为其自身请求令牌.如果您确实想为在 client_id 中指定的应用程序获取令牌,那么您必须在资源字段中传递 client_id 而不是应用程序 ID URI.此时,您将收到 self 的访问令牌.
This error is saying that the field you provided in the resource parameter is requesting tokens for itself. In the case you do want to get a token for the app specified in the client_id, then you have to pass the client_id in the resource field rather than the app ID URI. At which point you will receive an access token for self.
或者,您可以提供已注册的 Web API 的应用 ID URI 或具有范围的其他资源以获取该资源(Microsoft Graph、Office API 等)的令牌.
Alternatively, you can provide an app ID URI of a web API you've registered or another resource with scopes to get tokens for that resource (Microsoft Graph, Office API, etc).
这篇关于OAuth 2.0 和 Azure Active Directory - 错误 AADSTS90009的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
