Microsoft Azure 目录 oAuth redirect_uri 不接受 state 查询参数
[英]Microsoft Azure Directory oAuth redirect_uri not accepting state query parameter
问题描述
I'm trying to implement the oAuth flow to sign in with Microsoft.
我正在尝试实施 oAuth 流程以使用 Microsoft 登录。 I have the following endpoints: https://login.microsoftonline.com/common/oauth2/v2.0/authorize https://login.microsoftonline.com/common/oauth2/v2.0/token我有以下端点: https://login.microsoftonline.com/common/oauth2/v2.0/authorize https://login.microsoftonline.com/common/oauth2/v2.0/token
My flow is like this: Redirect to Microsoft by clicking on Sign in with Microsoft button:我的流程是这样的:通过单击使用 Microsoft 登录按钮重定向到 Microsoft:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={client_id}&scope=user.read&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2F1%2Ffrontend%2Flogin%3Fstate%3Dtest
My redirect url is:我的重定向 url 是:
http://localhost:8000/1/frontend/login?state=test
Which is appended with the code I receive back from Microsoft.其中附有我从 Microsoft 收到的代码。
I then perform a POST request to the /token endpoint.然后我对 /token 端点执行 POST 请求。 However, I receive an error (AADSTS50011) saying:但是,我收到一个错误 (AADSTS50011) 说:
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:
The data I send is correct, except for the redirect_uri.我发送的数据是正确的,除了redirect_uri。 I have the following value:我有以下价值:
http%3A%2F%2Flocalhost%3A8000%2F1%2Ffrontend%2Flogin%3Fstate%3Dtest
Which is just an url encoded version of my redirect url including the?state=test这只是我的重定向 url 的 url 编码版本,包括?state=test
I know that everything works fine, except the redirect_uri, because when I remove the state query param, everything works fine.我知道一切正常,除了redirect_uri,因为当我删除 state 查询参数时,一切正常。 However, to route the redirect_uri correctly in my application, I need the state param.但是,要在我的应用程序中正确路由 redirect_uri,我需要 state 参数。 I cannot add it in my App settings, and I have to include it in the first request (/authorize endpoint) That all works fine, but the second (/token) POST request fails, I cannot enter my redirect_uri with the?state= parameter.我无法将它添加到我的应用程序设置中,我必须将它包含在第一个请求中(/授权端点)一切正常,但第二个(/令牌)POST请求失败,我无法使用?state=输入我的redirect_uri范围。 I've tried several options such as encoding the redirect_uri, but it doesn't help.我已经尝试了几个选项,例如对 redirect_uri 进行编码,但它没有帮助。
All other oAuth flows (Like Github) are working fine.所有其他 oAuth 流程(如 Github)工作正常。 Except Microsoft.除了微软。
1 个解决方案
解决方案1
2 2020-08-08 16:08:22
Attach your state param to the auth request itself, don't put it in the redirect_uri param.将您的 state 参数附加到身份验证请求本身,不要将其放在 redirect_uri 参数中。 Then the state param is automatically sent back to the redirect uri.然后 state 参数会自动发送回重定向 uri。
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={client_id}&scope=user.read&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2F1%2Ffrontend%2Flogin&state=xyz https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={client_id}&scope=user.read&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2F1%2Ffrontend%2Flogin&state=xyz
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.