[英]Incorrect callback in Office 365 Client credentials grant OAuth2 flow
I am playing with client credentials grant flow described here https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365 我正在使用此处描述的客户端凭据授予流程https://msdn.microsoft.com/zh-cn/office/office365/howto/building-service-apps-in-office-365
Here is my initial authorization request: https://login.microsoftonline.com/common/oauth2/authorize?nonce=c43a377e-8b75-4c7f-9fab-300f1dbc76c5&prompt=admin_consent&state=35&redirect_uri=http%3A%2F%2Flocalhost%3A6543%2Fcallback%2Foffice365&response_type=code+id_token&client_id=XXXX&scope=openid 这是我的初始授权请求: https : //login.microsoftonline.com/common/oauth2/authorize?nonce=c43a377e-8b75-4c7f-9fab-300f1dbc76c5&prompt=admin_consent&state=35&redirect_uri=http%3A%2F%2Flocalhost%3A6543%2Fcallback %2Foffice365&RESPONSE_TYPE =代码+ id_token&CLIENT_ID = XXXX&范围= OpenID的
According to the documentation I expect to receive a POST callback with a token in the body. 根据文档,我希望收到正文中带有令牌的POST回调。 But I actually receive a GET callback like this: http://localhost:6543/callback/office365#code=XXXXX&id_token=XXXXX&state=35&session_state=3a2e2c61-7e71-4f11-a9a6-f1dd8f50aeb6&admin_consent=True 但是我实际上收到了这样的GET回调: http:// localhost:6543 / callback / office365#code = XXXXX&id_token = XXXXX&state = 35&session_state = 3a2e2c61-7e71-4f11-a9a6-f1dd8f50aeb6&admin_consent = True
I actually prefer GET over POST but there is a hash sing # instead of question mark ? 我实际上更喜欢GET而不是POST,但是有一个#号而不是问号吗? in the URL, so the parameters are actually not a GET arguments. 在URL中,因此参数实际上不是GET参数。
Is there anything I can do to receive a valid callback? 我有什么办法可以收到有效的回叫?
By spec OAuth2 supports different response modes . 根据规范,OAuth2支持不同的响应模式 。 Adding response_mode=query
solves the problem. 添加response_mode=query
可以解决此问题。 This means MS Authorization endpoint uses response_mode=fragment
by default which is not explicitly described in the documentation. 这意味着默认情况下,MS授权端点使用response_mode=fragment
,该文档中未明确描述。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.