Getting access tokens from Postman: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests

Problem description

We recently made a switch from Implicit Grant Flow to Authorization Code Flow with PKCE for our application, and now we're having some trouble getting access tokens from Azure AD from Postman. The app is registered in Azure AD and we're basically using the Postman procedure described here: https://developer.mypurecloud.com/api/rest/postman/index.html#enable_authorization. Calling the https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize endpoint works ok, but it hits an error when calling https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token:

"Error: Cound not complete OAuth 2.0 token request: "AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests.
Trace ID: 8253f622-3425-4d0a-817c-281f86097300
Correlation ID: 9d84460f-ec02-4ace-af03-14d948e3d4ad
Timestamp: 2020-04-15 14:02:03Z"

This is the access token request:

How can we get access tokens from Azure AD using Postman with this authorization flow?

Recommended answer

Apparently this is a problem as the documentation is confusing.

Over the Azure Active Directory App Registration, make sure you add the redirect URL over the "Mobile and desktop applications" category.

When you read the documentation, it looks like you need to add the Redirect URL under the Single Page Apps. It even shows a confirmation message saying "Your Redirect URI is eligible for the Authorization Code Flow with PKCE." but it is not true.
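
For reference, the two requests a public client such as Postman sends in the Authorization Code Flow with PKCE against the endpoints named in the question, as an added Python example that is not part of the original question or answer. The tenant, client ID, redirect URI, scope and authorization code values are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"  # host from the question


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge (RFC 7636): BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """Random code_verifier: 43 unreserved characters from 32 random bytes."""
    return secrets.token_urlsafe(32)


def authorize_url(tenant, client_id, redirect_uri, scope, verifier, state):
    """Front-channel request: only the challenge leaves the client."""
    query = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(query)}"


def token_request(tenant, client_id, redirect_uri, code, verifier):
    """Back-channel redemption by a public client: verifier, no client_secret."""
    form = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value sent to /authorize
        "code_verifier": verifier,
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", form


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the page.
    v = new_verifier()
    print(authorize_url("TENANT_ID", "CLIENT_ID", "https://localhost/callback",
                        "openid", v, secrets.token_urlsafe(16)))
    print(token_request("TENANT_ID", "CLIENT_ID", "https://localhost/callback",
                        "AUTH_CODE_PLACEHOLDER", v))
```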
