图形 API - 获取“远程服务器返回错误:(400)错误请求。”使用多租户请求 AccessToken 时出错
[英]Graph API - Getting "The remote server returned an error: (400) Bad Request."Error while request AccessToken using multiTenant
问题描述
Actually I'm trying to get Access Token using Using the TenantId after Admin consent successfully completed admin by using the following endpoint
实际上,我正在尝试使用以下端点在管理员同意成功完成管理员后使用使用 TenantId 获取访问令牌
https://login.microsoftonline.com/common/adminconsent
then I am requesting the AccessToken Endpoint Using Tenant ID然后我使用租户 ID 请求 AccessToken 端点
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
by using HttpWebRequest by passing all the required fields通过传递所有必填字段来使用 HttpWebRequest
tenant : 6292ef34-37a8-4687-b8b3-7dd8d54a8a42
Code for API call using HttpWebRequest使用 HttpWebRequest 进行 API 调用的代码
public static string AdminConsentAccessToken(string tenant, string state = "", string admin_concent = "")
{
string postData="{\"client_id\":\"65577dd2-cc76-46af-a1ac-71582eac6af2\",\"scope\":\"https://graph.microsoft.com/.default",\"client_secret\":\"my_client_secret\","\grant_type\":"\client_credentials\"}"
string result = string.Empty;
try
{
var httpRequest = (HttpWebRequest)WebRequest.Create($"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token");
httpRequest.Method = "POST"; ;
httpRequest.Accept = "application/json";
httpRequest.ContentType = "application/x-www-form-urlencoded";
using (var streamWriter = new StreamWriter(httpRequest.GetRequestStream()))
{
streamWriter.Write(postData);
}
var httpResponse = (HttpWebResponse)httpRequest.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
result = streamReader.ReadToEnd();
}
}
catch (Exception ex)
{
//exception
}
return result;
}
With this code I am getting following error : "The remote server returned an error: (400) Bad Request."使用此代码,我收到以下错误:“远程服务器返回错误:(400)错误请求。” and status : Protocol Error, can you please check code suggest what went wrong.和状态:协议错误,请您检查代码提示出了什么问题。
and I have tried this from post man also the i am getting 400 - Bad Request (The request cannot be fulfilled due to bad syntax.)我也从邮递员那里试过这个,我得到 400 - 错误请求(由于语法错误,请求无法完成。)
POST : https://login.microsoftonline.com/6292ef34-37a8-4687-b8b3-7dd8d54a8a42/oauth2/v2.0/token
Header : Content-Type : application/x-www-form-urlencoded
Body :
{
"grant_type": "client_credentials",
"client_id":"65577dd2-cc76-46af-a1ac-71582eac6af2",
"scope":"https://graph.microsoft.com/.default",
"client_secret": "my_client_secret"
}
Response :
{
"error": "invalid_request",
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 68beea44-7863-4e08-97c9-526ada9d0300\r\nCorrelation ID: 064a85fe-6d37-43bd-ae59-3dca04232188\r\nTimestamp: 2022-06-24 09:08:56Z",
"error_codes": [
900144
],
"timestamp": "2022-06-24 09:08:56Z",
"trace_id": "68beea44-7863-4e08-97c9-526ada9d0300",
"correlation_id": "064a85fe-6d37-43bd-ae59-3dca04232188",
"error_uri": "https://login.microsoftonline.com/error?code=900144"
}
4 个解决方案
解决方案1
0 2022-06-27 05:54:42
尝试使用application/json作为请求的Content-Type标头,而不是application/x-www-form-urlencoded 。
解决方案2
0 2022-06-27 05:59:18
In the Postman ensure that checkbox x-www-urlencoded is selected on tab Body .在 Postman 中,确保在选项卡Body上选中复选框x-www-urlencoded 。
Looks like you are sending data in json format.看起来您正在以json格式发送数据。
解决方案3
0 2022-06-27 06:01:12
I can get access token by your request我可以根据您的要求获取访问令牌
But this doesn't mean you can get access token by simulating a post request in your code, Microsoft require users to use Msal library to authenticate and get access token.但这并不意味着您可以通过在代码中模拟发布请求来获取访问令牌,微软要求用户使用Msal 库进行身份验证并获取访问令牌。 For example, with client credential flow to get access token:例如,使用客户端凭据流获取访问令牌:
using Azure.Identity;
var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "tenant_name.onmicrosoft.com";
var clientId = "your_azuread_clientid";
var clientSecret = "corresponding_client_secret";
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret);
var tokenRequestContext = new TokenRequestContext(scopes);
var token = clientSecretCredential.GetTokenAsync(tokenRequestContext).Result.Token;
If you used msal sdk to authenticate your app, you can also use graph sdk to call graph api:如果您使用 msal sdk 对您的应用进行身份验证,您还可以使用 graph sdk 调用 graph api:
using Azure.Identity;
using Microsoft.Graph;
var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "hanxia.onmicrosoft.com";
var clientId = "azure_ad_app_id";
var clientSecret = "client_secret";
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var temp = await graphClient.Users.Request().GetAsync();
解决方案4
0 2022-06-27 06:15:42
You create a request model:您创建一个请求模型:
public class ReqModel
{
public string client_id{ get; set; }
public string scope{ get; set; }
public string client_secret{ get; set; }
public string grant_type{ get; set; }
}
Then you try to create postData like this:然后你尝试像这样创建 postData:
ReqModel reqModel = new()
{
client_id = "65577dd2-cc76-46af-a1ac-71582eac6af2",
scope = "https://graph.microsoft.com/.default",
client_secret = "my_client_secret",
grant_type = "client_credentials"
};
string postData = JsonConvert.SerializeObject(reqModel, Newtonsoft.Json.Formatting.Indented);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.