Azure AD OAuth2 Access Token Request Error - 400 Bad Request


Problem description

My WPF desktop application (C#) is attempting to read the user's Outlook emails through the Microsoft Graph API. I am stuck in the authentication process; I've already received an authentication code and now I'm trying to get an access token from Azure but keep getting an HTTP 400 error code when sending out the request for the access token:

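// Requires: using System; using System.Diagnostics; using System.IO; using System.Net; using System.Text;
/**** Auth Code Retrieval ****/
string authCodeUrl = "https://login.microsoftonline.com/common/oauth2/authorize";
authCodeUrl += "?client_id=" + clientId;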
authCodeUrl += "&redirect_uri=" + redirectUri;
authCodeUrl += "&response_type=code";
authCodeUrl += "&resource=https%3A%2F%2Fgraph.microsoft.com%2F";
Process.Start(authCodeUrl); // User logs in, we get the auth code after login
string code = "......"; // Hidden for this post

/**** Access Token Retrieval ****/
string tokenUrl = "https://login.microsoftonline.com/common/oauth2/token";
string content = "grant_type=authorization_code";
content += "&client_id=" + clientId;
content += "&resource=https%3A%2F%2Fgraph.microsoft.com%2F";
content += "&code=" + code;
content += "&redirect_uri=" + redirectUri;
WebRequest request = WebRequest.Create(tokenUrl);
request.ContentType = "application/x-www-form-urlencoded";
byte[] data = Encoding.UTF8.GetBytes(content);
request.ContentLength = data.Length;
request.Method = "POST";
try 
{
  using (Stream stream = request.GetRequestStream())
  {
    stream.Write(data, 0, data.Length);
  }
  WebResponse response = request.GetResponse(); // This throws exception
}
catch (Exception error) // This catches the exception
{
  Console.WriteLine(error.Message); // Outputs 400, bad request
}

The above is the code used to retrieve the auth code followed by the attempt to retrieve the access token. We do not have a client_secret because secrets are only for Web applications and this is a native desktop WPF application. I have read that this isn't an issue though. I have followed many tutorials and official docs online, mainly the official Graph authorization doc and I still cannot figure out what I am doing wrong. Any help would be greatly appreciated, thank you.

Recommended answer

I used Fiddler to debug the request and I found the full error message: The user or administrator has not consented to use the application. I googled this message for a bit and found some stack articles and GitHub issue threads that led me to the solution: my request had been using "common", in the base URL, as the tenant ID when actually I needed to use my Azure tenant ID which I acquired through this answer on stack. My new base URL for the authentication requests now looks like:

https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize 

where "xxxx-....xxx" would be replaced by your Azure tenant id!
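The full error message that the answer found with Fiddler can also be read in code from the 400 response itself. The following is an added example, not part of the original question or answer; the TokenErrorReader class and the sample body are constructed for illustration, and it assumes System.Text.Json is available (built into .NET Core 3.0 and later, a NuGet package on .NET Framework).

```csharp
using System;
using System.IO;
using System.Net;
using System.Text.Json;

static class TokenErrorReader // hypothetical helper, not from the original post
{
    // Returns the body the token endpoint sent with a 4xx/5xx status, or null
    // when there was no HTTP response at all (DNS failure, TLS error, timeout).
    public static string ReadErrorBody(WebException ex)
    {
        if (ex.Response == null) return null;
        using (var reader = new StreamReader(ex.Response.GetResponseStream()))
            return reader.ReadToEnd();
    }

    // Extracts the RFC 6749 "error" and "error_description" fields.
    // A body that is not JSON is returned unparsed as the description.
    public static (string Error, string Description) Parse(string body)
    {
        try
        {
            using (JsonDocument doc = JsonDocument.Parse(body))
            {
                JsonElement root = doc.RootElement;
                string error = root.TryGetProperty("error", out var e) ? e.GetString() : null;
                string desc = root.TryGetProperty("error_description", out var d) ? d.GetString() : null;
                return (error, desc);
            }
        }
        catch (JsonException)
        {
            return (null, body);
        }
    }

    static void Main()
    {
        // Constructed sample body, shaped like an OAuth2 error response and
        // carrying the message quoted in the answer.
        string sample = "{\"error\":\"invalid_grant\",\"error_description\":"
                      + "\"The user or administrator has not consented to use the application.\"}";
        var (error, description) = Parse(sample);
        Console.WriteLine(error + ": " + description);
        // In the question's code, catch WebException instead of Exception and
        // log Parse(ReadErrorBody(ex)). Log only the response body: the request
        // content carries the authorization code.
    }
}
```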
