Discord api returns 401 unauthorized when trying signin via Azure AD B2C custom policy
I'm building up an app that uses Discord OAuth2 for various purposes including user identity, but have encountered an issue where the Discord api returns a 401 (unauthorized) error when a user tries to sign in.
I have a B2C tenant with a custom policy that contains the ClaimsProvider written as:
<ClaimsProvider>
  <!-- The following Domain element allows this profile to be used if the request comes with domain_hint
       query string parameter, e.g. domain_hint=Discord.com -->
  <Domain>Discord.com</Domain>
  <DisplayName>Discord</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Discord-OAUTH">
      <!-- The text in the following DisplayName element is shown to the user on the claims provider
           selection screen. -->
      <DisplayName>Discord</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">Discord</Item>
        <Item Key="authorization_endpoint">https://discordapp.com/api/oauth2/authorize</Item>
        <Item Key="AccessTokenEndpoint">https://discordapp.com/api/oauth2/token</Item>
        <Item Key="ClaimsEndpoint">https://discordapp.com/api/users/@me</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
        <Item Key="client_id">[my key]</Item>
        <Item Key="scope">identify email connections guilds.join rpc rpc.api rpc.notifications.read messages.read</Item>
        <Item Key="AccessTokenResponseFormat">json</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_DiscordSecret" />
      </CryptographicKeys>
      <InputClaims />
      <OutputClaims>
        <!-- PartnerClaimType names the field of the /users/@me JSON to read. DefaultValue would
             instead store the literal string (e.g. "id") whenever the response lacks that claim. -->
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="id" />
        <!-- Discord's user object has no first_name/last_name fields, so these stay empty. -->
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="first_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="last_name" />
        <!-- Discord returns the handle as "username", not "name". -->
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="username" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <!-- These two are constants, so DefaultValue is the right attribute here. -->
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="Discord.com" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
The error I collected via Application Insights is:
{
  "Kind": "HandlerResult",
  "Content": {
    "Result": true,
    "RecorderRecord": {
      "Values": [
        {
          "Key": "SendErrorTechnicalProfile",
          "Value": "OAuth2ProtocolProvider"
        },
        {
          "Key": "Exception",
          "Value": {
            "Kind": "Handled",
            "HResult": "80131500",
            "Message": "An exception was caught when making a request to URL \"https://discordapp.com/api/users/@me\" using method \"Get\". The exception status code was \"ProtocolError\" with the following message: {scrubbed}.",
            "Data": {},
            "Exception": {
              "Kind": "Handled",
              "HResult": "80131509",
              "Message": "The remote server returned an error: (401) Unauthorized.",
              "Data": {}
            }
          }
        }
      ]
    }
  }
}
Here's a solution to avoid getting 401 when requesting a claim from the api, but I'm not sure how it works in this situation with a custom policy on a B2C tenant.
Could anyone please provide a suggestion for this issue?
The Discord API requires the access token to be sent in the Authorization HTTP header.
By default, Azure AD B2C sends the access token in the query string, so you must add the BearerTokenTransmissionMethod metadata item to the technical profile:
<TechnicalProfile Id="Discord-OAUTH">
  <Metadata>
    <Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
  </Metadata>
</TechnicalProfile>
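To make the difference between the two BearerTokenTransmissionMethod values visible on the wire, here is an added, self-contained Python example (not code from the question, the answer, or Azure AD B2C). It starts a local stand-in for https://discordapp.com/api/users/@me that, like the behaviour the answer describes, only honours a bearer token carried in the Authorization header and answers 401 otherwise, then issues the claims request both ways. The token value, user record and the stub server are all constructed for the demonstration; the function and module names are this example's own.

```python
"""Reproduce the 401 from the question against a local stub of Discord's
/users/@me endpoint, then show the request shape that fixes it."""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import urlencode, urlparse
from urllib.request import Request, urlopen

# Constructed sample data for the demo: not a real Discord token or user.
VALID_TOKEN = "constructed-access-token"
SAMPLE_USER = {"id": "80351110224678912", "username": "Nelly", "email": "nelly@example.com"}


class StubDiscordApi(BaseHTTPRequestHandler):
    """Stand-in for https://discordapp.com/api/users/@me (constructed for this example).
    It accepts only `Authorization: Bearer <token>`; an access_token query parameter
    is ignored and the request is rejected with 401, which is the behaviour the
    answer attributes to the real Discord API."""

    def do_GET(self):
        if urlparse(self.path).path != "/api/users/@me":
            self._send(404, {"message": "404: Not Found", "code": 0})
            return
        if self.headers.get("Authorization", "") == f"Bearer {VALID_TOKEN}":
            self._send(200, SAMPLE_USER)
        else:
            self._send(401, {"message": "401: Unauthorized", "code": 0})

    def _send(self, status, body):
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # silence request logging during the demo
        pass


def fetch_claims(claims_endpoint, access_token, transmission_method):
    """Build the claims-endpoint GET the way each BearerTokenTransmissionMethod
    value does: token in the Authorization header, or token as ?access_token=.
    Returns (http_status, parsed_json_body)."""
    if transmission_method == "AuthorizationHeader":
        req = Request(claims_endpoint, headers={"Authorization": f"Bearer {access_token}"})
    elif transmission_method == "QueryString":
        req = Request(claims_endpoint + "?" + urlencode({"access_token": access_token}))
    else:
        raise ValueError(f"unknown transmission method: {transmission_method}")
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:  # urlopen raises on 4xx/5xx; the body is still readable
        return err.code, json.loads(err.read())


def run_demo():
    """Start the stub on an ephemeral port, try both transmission methods,
    and return {method: (status, body)}."""
    server = HTTPServer(("127.0.0.1", 0), StubDiscordApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        endpoint = f"http://127.0.0.1:{server.server_address[1]}/api/users/@me"
        return {
            method: fetch_claims(endpoint, VALID_TOKEN, method)
            for method in ("QueryString", "AuthorizationHeader")
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for method, (status, body) in run_demo().items():
        print(f"{method:20s} -> HTTP {status} {body}")
```

Running it prints a 401 for the QueryString variant and a 200 with the user JSON for the AuthorizationHeader variant, which is the same transition the metadata item in the answer produces inside B2C. Note that the stub is only as strict as the answer claims Discord is; it does not model scopes, so the long scope list in the question is not exercised here.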