Microsoft Graph API redirect_uri doesn't allow query strings
We're trying to move from the older WindowsLive API to the new Microsoft Graph API. In the process, we're running into difficulty with the required OAuth 2.0 redirect_uri parameter in the app.
According to the OAuth 2.0 RFC, the redirect_uri must be an absolute path but can contain a properly encoded query string.
In our Windows app, we've set up the absolute path - their application tool doesn't allow query strings to be added: https://example.com/index.php
The OAuth request we make uses a redirect_uri with URL Encoding, including query params. This is necessary, we use a CMS (Joomla) that needs to know what should handle the request:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
response_type=code&
client_id={string}&
redirect_uri=https%3A%2F%2Fexample.com%2Findex.php%3Foption%3Dcom_jfbconnect%26task%3Dauthenticate.callback%26provider%3Dwindowslive&
scope=user.read&
state={string}&
access_type=offline&
approval_prompt=auto
However, the Graph API rejects this with:
"The reply url specified in the request does not match the reply urls configured for the application"
Anyone else run into this or understand why the Graph API doesn't accept query parameters either in the app configuration or on the token requests?
Edit - 5/8 - However, the application setup area does not allow query strings in the redirect_uri setting, which is correct according to the RFC. However, the Graph API isn't respecting this note of the RFC:
The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters.
This isn't actually being rejected by Microsoft Graph. Microsoft Graph is simply an API and it doesn't generate or manage access tokens. That process is handled by Azure Active Directory.
The error you're getting is due to your redirect_uri not being configured in your app registration at https://apps.dev.microsoft.com. The URL must explicitly match the URL configured in the registration. From the documentation:
The redirect_uri of your app, where authentication responses can be sent and received by your app. It must exactly match one of the redirect URIs you registered in the portal, except it must be url encoded.
For scenarios where you need to pass data through, you should encode those values in your state parameter. This will be returned to your redirect URI along with the authorization code.
Also note that neither access_type=offline nor approval_prompt=auto are valid query parameters:
refresh_token, you add offline to your list of scopes (user.read+offline).
prompt parameter. Valid options are login, none, and consent.
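The answer's advice to carry the data in state, as an added example that is not part of the original answer: the request sends the registered redirect_uri unchanged and packs the routing values from the question (option, task, provider) into an HMAC-signed state bound to the user's session. STATE_KEY, the session nonce, the client id placeholder and the helper names are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
REGISTERED_REDIRECT = "https://example.com/index.php"  # exactly as registered, no query
STATE_KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to the client
# Routing values the question tried to put in redirect_uri (constructed sample input).
ROUTING = {"option": "com_jfbconnect", "task": "authenticate.callback", "provider": "windowslive"}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(routing: dict, session_nonce: str) -> str:
    """Pack routing data plus a per-session nonce into a signed state value."""
    payload = json.dumps({"r": routing, "n": session_nonce}, sort_keys=True).encode()
    tag = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)

def read_state(state: str, session_nonce: str) -> dict:
    """Verify the state returned to the redirect URI and recover the routing data."""
    try:
        body, tag = state.split(".")
        payload, given = unb64(body), unb64(tag)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        raise ValueError("malformed state") from None
    expected = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("state signature mismatch")
    data = json.loads(payload)
    if not hmac.compare_digest(data["n"].encode(), session_nonce.encode()):
        raise ValueError("state does not belong to this session")  # CSRF check
    return data["r"]

def authorize_url(client_id: str, routing: dict, session_nonce: str) -> str:
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REGISTERED_REDIRECT,  # urlencode() percent-encodes it
        "scope": "user.read",
        "state": make_state(routing, session_nonce),
    }
    return AUTHORIZE + "?" + urlencode(query)

if __name__ == "__main__":
    nonce = secrets.token_urlsafe(16)  # stored in the user's session before redirecting
    print(authorize_url("CLIENT_ID_PLACEHOLDER", ROUTING, nonce))
```

On the callback, index.php calls read_state() on the returned state with the nonce from the session and dispatches on the recovered option and task values only after both checks pass.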