Azure MSAL 节点 ClientAuthError
[英]Azure MSAL node ClientAuthError
问题描述
I am trying to use @azure/msal-node on a node backend server.
我正在尝试在节点后端服务器上使用 @azure/msal-node。
I follow the tutorial on their Github page and when I try to call acquireTokenByCode i get this error:我按照他们的 Github 页面上的教程进行操作,当我尝试调用 acquireTokenByCode 时出现此错误:
[Tue, 30 Aug 2022 08:23:34 GMT] : @azure/msal-node@1.12.1 : Info - getAuthCodeUrl called
[Tue, 30 Aug 2022 08:23:34 GMT] : @azure/msal-node@1.12.1 : Verbose - initializeRequestScopes called
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - buildOauthClientConfiguration called
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - building oauth client configuration with the authority: https://login.microsoftonline.com/common/
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - createAuthority called
[Tue, 30 Aug 2022 08:23:34 GMT] : : @azure/msal-node@1.12.1 : Verbose - Auth code client created
[Tue, 30 Aug 2022 08:23:35 GMT] : @azure/msal-node@1.12.1 : Info - acquireTokenByCode called
[Tue, 30 Aug 2022 08:23:35 GMT] : @azure/msal-node@1.12.1 : Verbose - initializeRequestScopes called
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - buildOauthClientConfiguration called
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - building oauth client configuration with the authority: https://login.microsoftonline.com/common/
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - createAuthority called
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-node@1.12.1 : Verbose - Auth code client created
[Tue, 30 Aug 2022 08:23:35 GMT] : : @azure/msal-common@7.3.0 : Info - in acquireToken call
ClientAuthError: network_error: Network request failed. Please check network trace to determine root cause. | Fetch client threw: Error: HTTP status code 401 | Attempted to reach: https://login.microsoftonline.com/common/oauth2/v2.0/token
at ClientAuthError.AuthError [as constructor] (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:500:24)
at new ClientAuthError (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:802:28)
at Function.ClientAuthError.createNetworkError (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:845:16)
at NetworkManager.<anonymous> (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:3418:51)
at step (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:79:23)
at Object.throw (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:60:53)
at rejected (C:\Users\user\project\node_modules\@azure\msal-common\dist\index.cjs.js:51:65)
at processTicksAndRejections (internal/process/task_queues.js:94:5) {
errorCode: 'network_error',
errorMessage: 'Network request failed. Please check network trace to determine root cause. | Fetch client threw: Error: HTTP status code 401 | Attempted to reach: https://login.microsoftonline.com/common/oauth2/v2.0/token',
subError: '',
name: 'ClientAuthError'
}
My code:我的代码:
const loggerOptions = { loggerCallback(loglevel, message, containsPii) { console.log(message); }, piiLoggingEnabled: false, logLevel: msal.LogLevel.Verbose, } const clientConfig = { auth: { clientId: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", authority: "https://login.microsoftonline.com/common/", }, system: { loggerOptions: loggerOptions } }; publicMicrosoftClient = new msal.PublicClientApplication(clientConfig); app.get('/connect', function (req, res) { const authCodeUrlParameters = { scopes: ['https://outlook.office.com/IMAP.AccessAsUser.All', 'https://outlook.office.com/SMTP.Send', 'offline_access', 'openid', 'profile', 'Mail.ReadWrite', 'Mail.Send', 'MailboxSettings.Read', 'MailboxSettings.ReadWrite', 'IMAP.AccessAsUser.All'], redirectUri: "http://localhost:4220/redirect", }; client.getAuthCodeUrl(authCodeUrlParameters).then((response) => { res.json(response); }).catch((error) => console.log(JSON.stringify(error))); }); app.get('/redirect', function (req, res) { const tokenRequest = { redirectUri: "http://localhost:4220/redirect", scopes: ['https://outlook.office.com/IMAP.AccessAsUser.All', 'https://outlook.office.com/SMTP.Send', 'offline_access', 'openid', 'profile', 'Mail.ReadWrite', 'Mail.Send', 'MailboxSettings.Read', 'MailboxSettings.ReadWrite', 'IMAP.AccessAsUser.All'], code: req.query.code }; const authCodeResponse = { code: req.query.code } client.acquireTokenByCode(tokenRequest, authCodeResponse).then((response) => { console.log("Successfully acquired token using Authorization Code."); res.sendStatus(200); }).catch((error) => { console.log(error); res.status(500).send(error); }); });
The first request works fine.第一个请求工作正常。 I can connect with the link and I am well redirected on /redirect我可以连接到该链接,并且在 /redirect 上被很好地重定向
If anyone has an idea what's going on?如果有人知道发生了什么?
Node version: 12.14.0节点版本:12.14.0
@azure/msal-node version: 1.12.1 @azure/msal-node 版本:1.12.1
1 个解决方案
解决方案1
0 2022-09-02 09:28:33
Please check,it can be issue when DNS is not resolved.Try to replace localhost with the IP address of your machine.请检查,当 DNS 未解析时可能会出现问题。尝试将 localhost 替换为您机器的 IP 地址。
- For native and mobile apps, use one of the following:
https://login.microsoftonline.com/common/oauth2/nativeclientfor apps using embedded browsers or withhttp://localhostfor apps using system browsers.对于本机和移动应用程序,请使用以下选项之一: https://login.microsoftonline.com/common/oauth2/nativeclient用于使用嵌入式浏览器的应用程序或http://localhost用于使用系统浏览器的应用程序。 - As you have given
openidoffline_access,profilepermissions, please check the same api permissions are given in azure ad portal and beengranted admin consentfrom portal or while authentication.由于您已授予openidoffline_access、profile权限,请检查在 azure 广告门户中提供的相同 api 权限,并已从门户网站或身份验证中granted admin consent。 - In authorization code flow, the client initially directs the user to the
/authorizeendpoint and requests scopes like theopenid,offline_access, andhttps://graph.microsoft.com/mail.readpermissions from the user.在授权代码流中,客户端最初将用户定向到/authorize端点,并向用户请求诸如openid、offline_access和https://graph.microsoft.com/mail.read权限之类的范围。
Reference : Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft Entra |参考: 微软身份平台和 OAuth 2.0 授权码流程 - Microsoft Entra | Microsoft Docs 微软文档
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
@azure/msal-node -> 用户授权访问 Azure Vault - @azure/msal-node -> User auth to access Azure Vault
@ azure / msal-angular的元数据版本不匹配 - MetaData version mismatch for @azure/msal-angular
在azure webapp中使用MSAL.js进行身份验证 - Authenticating using MSAL.js in azure webapp
在 msal-node js 中使用带有证书的 SPN 获取访问令牌的 azure 活动目录面临错误“ERR_OSSL_PEM_NO_START_LINE” - azure active directory get access token using SPN with certificate in msal-node js facing error "ERR_OSSL_PEM_NO_START_LINE "
MSAL 登录不适用于 node.js、Javascript 应用程序的生产环境 - MSAL login not working in production for node.js , Javascript application
有什么方法可以使用@azure/msal-angular 登录用户 azure 订阅 ID? - Is there any way to get logged in user azure subscription Id's using @azure/msal-angular?
MSAL 和 passport-azure-ad 无法验证令牌 - MSAL and passporrt-azure-ad cannot verify token
无法将“this”绑定到 AcquireTokenSilent 的回调函数 - Azure AD MSAL 和 ReactJS - Unable to bind 'this' to callback function of AcquireTokenSilent - Azure AD MSAL & ReactJS
ClientAuthError:令牌调用在隐藏的 iframe 中被阻止 - ClientAuthError: Token calls are blocked in hidden iframes
来自@azure/msal-browser 的 loginPopup 不适用于 Microsoft Teams 桌面应用程序 - loginPopup from @azure/msal-browser not working on Microsoft Teams desktop application
相关标签