Incorrect callback in Office 365 Client credentials grant OAuth2 flow

I am playing with the client credentials grant flow described here: https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365

Here is my initial authorization request: https://login.microsoftonline.com/common/oauth2/authorize?nonce=c43a377e-8b75-4c7f-9fab-300f1dbc76c5&prompt=admin_consent&state=35&redirect_uri=http%3A%2F%2Flocalhost%3A6543%2Fcallback%2Foffice365&response_type=code+id_token&client_id=XXXX&scope=openid

According to the documentation I expect to receive a POST callback with a token in the body. But I actually receive a GET callback like this: http://localhost:6543/callback/office365#code=XXXXX&id_token=XXXXX&state=35&session_state=3a2e2c61-7e71-4f11-a9a6-f1dd8f50aeb6&admin_consent=True

I actually prefer GET over POST, but there is a hash sign # instead of a question mark ? in the URL, so the parameters are actually not GET arguments.

Is there anything I can do to receive a valid callback?

By spec, OAuth2 supports different response modes. Adding response_mode=query solves the problem. This means the MS authorization endpoint uses response_mode=fragment by default, which is not explicitly described in the documentation.
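As an added example (not code from the question, the answer, or Microsoft), the following Python rebuilds the authorization request from the question with response_mode=query and shows why the original fragment callback carried nothing a server could read; the client id, nonce and the query-style callback URL are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/authorize"
REDIRECT_URI = "http://localhost:6543/callback/office365"

# Callback from the question (fragment mode) and a constructed query-mode equivalent.
FRAGMENT_CALLBACK = (REDIRECT_URI + "#code=XXXXX&id_token=XXXXX&state=35"
                     "&session_state=3a2e2c61-7e71-4f11-a9a6-f1dd8f50aeb6&admin_consent=True")
QUERY_CALLBACK = (REDIRECT_URI + "?code=XXXXX&id_token=XXXXX&state=35"
                  "&session_state=3a2e2c61-7e71-4f11-a9a6-f1dd8f50aeb6&admin_consent=True")


def build_authorize_url(client_id, state, nonce, response_mode="query"):
    """Same request as in the question, plus the response_mode parameter the answer recommends."""
    params = {
        "client_id": client_id,          # placeholder value in tests, not a real app id
        "response_type": "code id_token",  # urlencode renders the space as '+', as in the question
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "prompt": "admin_consent",
        "state": state,                  # should be an unpredictable per-request value in practice
        "nonce": nonce,
        "response_mode": response_mode,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def server_visible_params(callback_url):
    """Return only what the redirect target actually receives: the query string.
    Everything after '#' is the fragment, which the browser never sends to the server."""
    parts = urlsplit(callback_url)
    return {k: v[0] for k, v in parse_qs(parts.query).items()}


def accept_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting callbacks whose state does not match."""
    params = server_visible_params(callback_url)
    if "code" not in params:
        raise ValueError("no code in query string: authorization server used response_mode=fragment?")
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: callback does not belong to this request")
    return params["code"]
```

Note that the fragment callback yields an empty parameter set server-side, which is exactly the symptom described in the question.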
