AADSTS5002710:无效的 JWT 令牌:标头格式错误 [英] AADSTS5002710: Invalid JWT token: header is malformed
问题描述
我正在尝试实施代表"在我的客户端 (ReactJS)、Express + Node.js 服务器 (API) 和 Microsoft Graph 之间流动.
到目前为止,我已经向微软(客户端)请求了一个 accessToken,并且已经向我的 API 发出了请求.
我遇到了错误AADSTS5002710:无效的 JWT 令牌:标头格式错误."当我尝试从我的 API 向 https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
完全错误:
<代码>{错误:'invalid_request',error_description: 'AADSTS5002710: 无效的 JWT 令牌:标头格式错误.
' +'跟踪 ID: 068a382b-6f83-40f6-b1b1-7134223f4500
' +'相关 ID: f46a2c03-84e8-46b3-b9d6-467174befa0b
' +'时间戳:2021-01-06 16:26:40Z',错误代码:[5002710],时间戳:'2021-01-06 16:26:40Z',trace_id: '068a382b-6f83-40f6-b1b1-7134223f4500',相关ID:'f46a2c03-84e8-46b3-b9d6-467174befa0b'}
我的请求正文根据教程https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow".
由于微软在线服务器的结果,我不断收到上述错误.
我使用自己的自定义范围发出了原始(客户端)请求api://54ee17f...cfe06/Access.Test
我按照教程在 Postman 中使用 On-Behalf-Of flow.但效果很好.
我的步骤:
- 将 Web API B 的 API 权限添加到 Web API A
- 请求 Web API A 以获取访问令牌(
assertion
of next step) with auth code flow
获取
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?scope={like api://1108f6-xxxxxxx-9f622/test} openid&redirect_uri={Web API A 的redirect_uri}&nonce=123&client_id={Web API A 的客户端 ID}&response_type=id_token 令牌
- 请求 Web API B 以获取 Microsoft Graph API 的访问令牌
发布
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/tokengrant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id={Web API B 的client_id}&client_secret={client_secret}&assertion={上一步的访问令牌}&scope=https://graph.microsoft.com/user.read offline_access&requested_token_use=on_behalf_of
- 调用 Microsoft Graph API,例如
GET https://graph.microsoft.com/v1.0/users
.
您可以在
I am trying to implement the "On-Behalf-Of" flow between my Client (ReactJS), Express + Node.js server (API), and Microsoft Graph.
So far I have requested an accessToken from microsoft (Client), and have made a request to my API.
I have ran into the error "AADSTS5002710: Invalid JWT token: header is malformed." when I try to make an Axios post request from my API to https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
Full Error:
{
error: 'invalid_request',
error_description: 'AADSTS5002710: Invalid JWT token: header is malformed.
' +
'Trace ID: 068a382b-6f83-40f6-b1b1-7134223f4500
' +
'Correlation ID: f46a2c03-84e8-46b3-b9d6-467174befa0b
' +
'Timestamp: 2021-01-06 16:26:40Z',
error_codes: [ 5002710 ],
timestamp: '2021-01-06 16:26:40Z',
trace_id: '068a382b-6f83-40f6-b1b1-7134223f4500',
correlation_id: 'f46a2c03-84e8-46b3-b9d6-467174befa0b'
}
The body of my request is according to the tutorial "https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow".
I am constantly getting the error above as the result from microsoft online servers.
I have made the original (Client) request with my own custom scope api://54ee17f...cfe06/Access.Test
I follow the tutorial to use On-Behalf-Of flow in Postman. But it works well.
My steps here:
- Add API permission of Web API B to Web API A
- Request Web API A to get access token(
assertion
of next step) with auth code flow
GET
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
?scope={like api://1108f6-xxxxxxx-9f622/test} openid
&redirect_uri={redirect_uri of Web API A}
&nonce=123
&client_id={client-id of Web API A}
&response_type=id_token token
- Request Web API B to get the access token for Microsoft Graph API
POST
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
&client_id={client_id of Web API B}
&client_secret={client_secret}
&assertion={access token from previous step}
&scope=https://graph.microsoft.com/user.read offline_access
&requested_token_use=on_behalf_of
- Call Microsoft Graph API, like
GET https://graph.microsoft.com/v1.0/users
.
You could decode your access token(assertion) in https://jwt.io/, and check the HEADER
.
这篇关于AADSTS5002710:无效的 JWT 令牌:标头格式错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!