Expo authentication receiving invalid JWT from Azure AD

I've been trying to add Azure authentication to a React Native Expo project; however, the JWT returned is invalid. This is because the JWT's header only consists of 0.

Here is an example of the JWT:

0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA

Here is my code that requests users to authenticate themselves; it uses the expo-auth-session package (original source: https://docs.expo.dev/guides/authentication/#azure):

import * as AuthSession from 'expo-auth-session';

const config = {
    clientId: '<ClientID>',
    scopes: ['openid', 'profile', 'email', 'offline_access'],
    redirectUri: AuthSession.makeRedirectUri({
      scheme: 'com.app.scheme'
    }),
};

//AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/common/v2.0')
AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/<TenantID>/oauth2/v2.0/token')
.then((discovery: any) => {
    AuthSession.loadAsync(config, discovery).then(async (session: any) => {
      // Create a request.
      const request = new AuthSession.AuthRequest(config);

      // Prompt for an auth code
      const authResponse = await request.promptAsync(discovery, { useProxy: false });

      if(authResponse.type == "success"){
        console.log(authResponse); // Output response
      }
    });
});

Actual response:

Object {
  "authentication": null,
  "error": null,
  "errorCode": null,
  "params": Object {
    "code": "0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA",
    "session_state": "3a4dd9ab-dc3e-4843-a83b-092508291eb3",
    "state": "S4L5Zv3s2e",
  },
  "type": "success",
  "url": "exp://127.0.0.1:19000/?code=0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA&state=S4L5Zv3s2e&session_state=3a4dd9ab-dc3e-4843-a83b-092508291eb3",
}

Has anyone else experienced this issue?

I've solved my issue: I was only doing one part of the Microsoft flow. As I have shown above, I was receiving a code that needed to be sent back to Microsoft AD for the required access token. See below for the endpoint used:

https://login.microsoftonline.com/<TenantID>/oauth2/v2.0/token

Here is some extra reading if you encounter this issue:

https://docs.microsoft.com/en-us/advertising/guides/authentication-oauth-get-tokens?view=bingads-13#request-accesstoken

https://github.com/pinecat/azure-ad-graph-expo#readme

Thank you for your time and information!

You're requesting back only the code, which should then call exchangeCodeAsync to get the actual token. If you want the access token up front, then you need to add responseType: ResponseType.Token to your Auth Request.
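
The code-versus-token distinction from the answers above, as an added example that is not part of the original posts: it checks structurally why a value whose header segment is "0" is not a JWT, then builds the authorization_code request for the token endpoint after validating `state`. The names `looksLikeJwt` and `buildTokenRequest` are hypothetical, the sample values are constructed, and `codeVerifier` assumes the authorization request used PKCE.

```javascript
// Added example (not from the original post). The tenant placeholder follows
// the endpoint quoted in the thread; all sample values are constructed.
const TOKEN_ENDPOINT = 'https://login.microsoftonline.com/<TenantID>/oauth2/v2.0/token';

const b64urlDecode = (seg) =>
  Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
const b64urlEncode = (text) =>
  Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Structural check only (no signature validation): three segments, and the
// header and payload must each decode to a JSON object, the header with "alg".
function looksLikeJwt(value) {
  const parts = String(value).split('.');
  if (parts.length !== 3) return false;
  try {
    const [header, payload] = parts.slice(0, 2).map((p) => JSON.parse(b64urlDecode(p)));
    return header !== null && typeof header === 'object' && typeof header.alg === 'string'
      && payload !== null && typeof payload === 'object';
  } catch {
    return false; // e.g. a header segment of "0" does not decode to JSON
  }
}

// Build the authorization_code grant request from the redirect URL.
// `expectedState` and `codeVerifier` are the values the client generated
// before prompting (assumption: the request used PKCE).
function buildTokenRequest(redirectUrl, expectedState, { clientId, redirectUri, codeVerifier }) {
  const params = new URL(redirectUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (params.get('state') !== expectedState) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('no authorization code in redirect');
  if (looksLikeJwt(code)) throw new Error('value is already a token, not a code');
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId, code, redirect_uri: redirectUri, code_verifier: codeVerifier,
  });
  return {
    url: TOKEN_ENDPOINT, method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Constructed samples: an opaque code shaped like the one in the question, and a JWT.
const SAMPLE_REDIRECT = 'exp://127.0.0.1:19000/?code=0.AAAA.BBBB&state=constructedState';
const SAMPLE_JWT = [b64urlEncode('{"alg":"RS256","typ":"JWT"}'),
  b64urlEncode('{"sub":"constructed-user"}'), 'c2ln'].join('.');
```

The returned object can be handed to `fetch(req.url, req)`; tokens in the JSON response still need signature and claim validation before they are trusted.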
