"The access grant authorization_code is not supported" from Azure AD using OAuth 2


Problem description

I am in the middle of an Authorization Code Grant Flow with Azure AD. Even though the documentation says the grant_type should be authorization_code, I am getting an error message about this property.

POST https://login.windows.net/SOME_AZURE_AD_UUID/oauth2/token?api-version=1.0
Content-Type: application/x-www-form-urlencoded

client_id=SECRET_CLIENT_ID
&client_secret=SECRET_CLIENT_SECRET
&code=SECRET_CODE
&grant_type=authorization_code
&redirect_uri=https://myserver.example.com/login/auth_return
&resource=https://myserver.example.com/
&scope=openid email

(edit: whitespace added for clarity)

The error I get back:

HTTP/1.1 400 Bad request
Content-Length: 436
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Request-Id: SOME_REQUEST_ID
X-Ms-Request-Id: SOME_REQUEST_ID
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: x-ms-gateway-slice=slicea; path=/; secure; HttpOnly, stsservicecookie=acs; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
Cache-Control: private
Date: Wed, 20 Aug 2014 14:44:08 GMT
Content-Type: application/json; charset=utf-8

{
  "correlation_id": "SOME_CORRELATION_ID",
  "error": "unsupported_grant_type",
  "error_codes": [
    70003
  ],
  "error_description": "
    ACS70003: The access grant 'authorization_code' is not supported.\r\n
    Trace ID: SOME_TRACE_UUID\r\n
    Correlation ID: SOME_CORRELATION_ID\r\n
    Timestamp: 2014-08-20 14:44:08Z",
  "timestamp": "2014-08-20 14:44:08Z",
  "trace_id": "SOME_TRACE_UUID"
}

(whitespace added for clarity)

This request does work if I change grant_type to client_credentials (but I have not found a way to use the resulting token for what I need). It also works if I change some URLs to point to Google instead of Azure AD.

Is there a mistake with these requests or does the service genuinely not support the documented grant_type of authorization_code?

Recommended answer

This is a bug I believe, and it took me 2-3 days to figure it out. Please do the following to get it working,

1) Remove the "?api-version=1.0" from your URL. I know it sounds strange but trust me their documentation is a mess.

2) Add a "Content-Type": "application/x-www-form-urlencoded" header in your request (hence you'll have to encode the post data values ... for example redirect_url=(encodedURL) etc).

3) Remove unnecessary fields from post data REFER ... it should be like

{
    'grant_type': "authorization_code",
    'resource': "your resource",
    'client_id': "your client Id",
    'redirect_uri': "your redirect URL",
    'client_secret': "your client secret",
    'code': "the code u got"
}

I see you have done point 2 so you'll need to do point 1 and you're good to go.

Furthermore, if you want to get access_token quickly (if nothing I said works for you), then pass "client_credentials" in grant_type and you'll get a smaller response with access_token. But if you want the complete response with refresh_token as well, you'll have to do all those steps.

EDIT: There is one more mistake in their documentation, for Refresh Tokens >>> the URL should be oauth2/token and NOT oauth2/authorize

Hope this helps!
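
The three steps from the answer above, as an added Python example (not code from the question or the answer): it strips api-version from the token URL, form-encodes the body, and keeps only the six fields the answer lists. The names build_token_request and TOKEN_FIELDS are hypothetical, the values are the question's placeholders, the HTTPS check is an addition, and the request is built but never sent.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

# Fields the answer lists for the authorization-code token request.
TOKEN_FIELDS = ("grant_type", "resource", "client_id",
                "redirect_uri", "client_secret", "code")


def build_token_request(token_url, params):
    """Return a urllib Request for the token endpoint, not yet sent."""
    parts = urlsplit(token_url)
    if parts.scheme != "https":  # added check: the body carries client_secret
        raise ValueError("token endpoint must use https")
    # Step 1: drop api-version from the query string, keep anything else.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() != "api-version"]
    url = urlunsplit(parts._replace(query=urlencode(query)))
    # Step 3: send only the listed fields; fail loudly if one is missing.
    missing = [f for f in TOKEN_FIELDS if not params.get(f)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    body = urlencode({f: params[f] for f in TOKEN_FIELDS})
    # Step 2: urlencode() percent-encodes each value; declare the content type.
    return Request(url, data=body.encode("ascii"), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


# Constructed sample input mirroring the placeholders in the question.
SAMPLE = {
    "grant_type": "authorization_code",
    "resource": "https://myserver.example.com/",
    "client_id": "SECRET_CLIENT_ID",
    "redirect_uri": "https://myserver.example.com/login/auth_return",
    "client_secret": "SECRET_CLIENT_SECRET",
    "code": "SECRET_CODE",
    "scope": "openid email",  # in the question, not in the answer's list: dropped
}

if __name__ == "__main__":
    req = build_token_request(
        "https://login.windows.net/SOME_AZURE_AD_UUID/oauth2/token?api-version=1.0",
        SAMPLE)
    print(req.full_url)
    print(req.data.decode())
```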
