Microsoft Graph API access token validation failure
Question
I use this URL to get id_token:
https://login.microsoftonline.com/common/oauth2/authorize?
response_type=id_token%20code&
client_id=MY_CLIENT_GUID_ID_IN_HERE&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fopenid%2Freturn&nonce=alfaYYCTxBK8oypM&
state=6DnAi0%2FICAWaH14e
This returns a result like this:
http://localhost:3000/auth/openid/return?
code=AAA_code_in_here&
id_token=eyJ0eXAi_xxxx_yyyy_in_here&
state=6DnAi0%2FICAWaH14e&
session_state=xxxx_guid_xxxxx
And then I use the id_token to query Graph (using Postman).
I have seen this post, "InvalidAuthenticationToken and CompactToken issues - Microsoft Graph using PHP Curl", but it makes no sense.
Recommended answer
OAuth 2.0 requires multiple steps. The first request returns an OAuth code. The next step is converting that OAuth code into a Bearer Token. This is the step you are missing here.
I would also recommend using the v2 Endpoint, which is a lot easier to work with (particularly with Graph). I wrote a v2 Endpoint Primer that walks through the process and may be helpful as well.
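The step the answer says is missing, as an added example (not code from the original post or from Microsoft): it checks the returned state, builds the POST body that redeems the code at the v1 token endpoint, and shows from the aud claim why the id_token is not a Graph token. The sample token is constructed and unsigned, CLIENT_SECRET_PLACEHOLDER and the helper names are assumptions, and the payload is decoded for inspection only, with no signature check.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# v1 token endpoint that pairs with the /oauth2/authorize URL in the question.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/token"
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}  # Graph URI / app ID

def parse_redirect(url, expected_state):
    """Pull code and id_token from the redirect; reject a mismatched state."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if params.get("state") != expected_state:
        raise ValueError("state mismatch")
    return params["code"], params.get("id_token")

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Form body for the POST that redeems the code for an access token."""
    return TOKEN_ENDPOINT, urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must match the authorize request
        "resource": "https://graph.microsoft.com",
    })

def jwt_claims(token):
    """Decode the JWT payload for inspection only (no signature check)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def usable_for_graph(token):
    """True only if the token was issued for Microsoft Graph (aud claim)."""
    return jwt_claims(token).get("aud", "").rstrip("/") in GRAPH_AUDIENCES

def make_sample_jwt(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    id_token = make_sample_jwt({"aud": "MY_CLIENT_GUID_ID_IN_HERE", "nonce": "alfaYYCTxBK8oypM"})
    redirect = ("http://localhost:3000/auth/openid/return?code=AAA_code_in_here"
                f"&id_token={id_token}&state=6DnAi0%2FICAWaH14e")
    code, tok = parse_redirect(redirect, "6DnAi0/ICAWaH14e")
    print("id_token usable for Graph:", usable_for_graph(tok))
    print(build_token_request(code, "MY_CLIENT_GUID_ID_IN_HERE", "CLIENT_SECRET_PLACEHOLDER",
                              "http://localhost:3000/auth/openid/return"))
```

The access_token field of the JSON response to that POST is what goes in the Authorization: Bearer header when calling Graph.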