[英]Azure MSAL node ClientAuthError
I am trying to use @azure/msal-node on a node backend server.我正在尝试在节点后端服务器上使用 @azure/msal-node。
I follow the tutorial on their Github page and when I try to call acquireTokenByCode i get this error:我按照他们的 Github 页面上的教程进行操作,当我尝试调用 acquireTokenByCode 时出现此错误:
[Tue, 30 Aug 2022 08:23:34 GMT] : @azure/msal-node@1.12.1 : Info - getAuthCodeUrl called
[Tue, 30 Aug 2022 08:23:34 GMT] : @azure/msal-node@1.12.1 : Verbose - initializeRequestScopes called
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - buildOauthClientConfiguration called
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - building oauth client configuration with the authority: https://login.microsoftonline.com/common/
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - createAuthority called
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - Auth code client created
[Tue, 30 Aug 2022 08:23:35 GMT] : @azure/msal-node@1.12.1 : Info - acquireTokenByCode called
[Tue, 30 Aug 2022 08:23:35 GMT] : @azure/msal-node@1.12.1 : Verbose - initializeRequestScopes called
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - buildOauthClientConfiguration called
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - building oauth client configuration with the authority: https://login.microsoftonline.com/common/
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - createAuthority called
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - Auth code client created
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-common@7.3.0 : Info - in acquireToken call
ClientAuthError: network_error: Network request failed. Please check network trace to determine root cause. | Fetch client threw: Error: HTTP status code 401 | Attempted to reach: https://login.microsoftonline.com/common/oauth2/v2.0/token
at ClientAuthError.AuthError [as constructor] (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:500:24)
at new ClientAuthError (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:802:28)
at Function.ClientAuthError.createNetworkError (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:845:16)
at NetworkManager.<anonymous> (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:3418:51)
at step (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:79:23)
at Object.throw (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:60:53)
at rejected (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:51:65)
at processTicksAndRejections (internal/process/task_queues.js:94:5) {
errorCode: 'network_error',
errorMessage: 'Network request failed. Please check network trace to determine root cause. | Fetch client threw: Error: HTTP status code 401 | Attempted to reach: https://login.microsoftonline.com/common/oauth2/v2.0/token',
subError: '',
name: 'ClientAuthError'
}
My code:我的代码:
const loggerOptions = { loggerCallback(loglevel, message, containsPii) { console.log(message); }, piiLoggingEnabled: false, logLevel: msal.LogLevel.Verbose, } const clientConfig = { auth: { clientId: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", authority: "https://login.microsoftonline.com/common/", }, system: { loggerOptions: loggerOptions } }; publicMicrosoftClient = new msal.PublicClientApplication(clientConfig); app.get('/connect', function (req, res) { const authCodeUrlParameters = { scopes: ['https://outlook.office.com/IMAP.AccessAsUser.All', 'https://outlook.office.com/SMTP.Send', 'offline_access', 'openid', 'profile', 'Mail.ReadWrite', 'Mail.Send', 'MailboxSettings.Read', 'MailboxSettings.ReadWrite', 'IMAP.AccessAsUser.All'], redirectUri: "http://localhost:4220/redirect", }; client.getAuthCodeUrl(authCodeUrlParameters).then((response) => { res.json(response); }).catch((error) => console.log(JSON.stringify(error))); }); app.get('/redirect', function (req, res) { const tokenRequest = { redirectUri: "http://localhost:4220/redirect", scopes: ['https://outlook.office.com/IMAP.AccessAsUser.All', 'https://outlook.office.com/SMTP.Send', 'offline_access', 'openid', 'profile', 'Mail.ReadWrite', 'Mail.Send', 'MailboxSettings.Read', 'MailboxSettings.ReadWrite', 'IMAP.AccessAsUser.All'], code: req.query.code }; const authCodeResponse = { code: req.query.code } client.acquireTokenByCode(tokenRequest, authCodeResponse).then((response) => { console.log("Successfully acquired token using Authorization Code."); res.sendStatus(200); }).catch((error) => { console.log(error); res.status(500).send(error); }); });
The first request works fine.第一个请求工作正常。 I can connect with the link and I am well redirected on /redirect
我可以连接到该链接,并且在 /redirect 上被很好地重定向
If anyone has an idea what's going on?如果有人知道发生了什么?
Node version: 12.14.0节点版本:12.14.0
@azure/msal-node version: 1.12.1 @azure/msal-node 版本:1.12.1
Please check,it can be issue when DNS is not resolved.Try to replace localhost with the IP address of your machine.请检查,当 DNS 未解析时可能会出现问题。尝试将 localhost 替换为您机器的 IP 地址。
https://login.microsoftonline.com/common/oauth2/nativeclient
for apps using embedded browsers or with http://localhost
for apps using system browsers.https://login.microsoftonline.com/common/oauth2/nativeclient
用于使用嵌入式浏览器的应用程序或http://localhost
用于使用系统浏览器的应用程序。openid
offline_access
, profile
permissions, please check the same api permissions are given in azure ad portal and been granted admin consent
from portal or while authentication.openid
offline_access
、 profile
权限,请检查在 azure 广告门户中提供的相同 api 权限,并已从门户网站或身份验证中granted admin consent
。/authorize
endpoint and requests scopes like the openid
, offline_access
, and https://graph.microsoft.com/mail.read
permissions from the user./authorize
端点,并向用户请求诸如openid
、 offline_access
和https://graph.microsoft.com/mail.read
权限之类的范围。 Reference : Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft Entra |参考: 微软身份平台和 OAuth 2.0 授权码流程 - Microsoft Entra | Microsoft Docs
微软文档
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.