堆栈内存溢出
  简体   繁体   English

Azure AD OAuth2 无效令牌

[英]Azure AD OAuth2 invalid token

 原文  2022-12-22 14:44:12       c#/ asp.net-core/ azure-active-directory/ exchangewebservices

问题描述

I'm trying to client flow to authenticate OAuth2 to get the access token.我正在尝试通过客户端流程对 OAuth2 进行身份验证以获取访问令牌。 Below is my codes:以下是我的代码:

var cca = ConfidentialClientApplicationBuilder
                 .Create("client id")
                 .WithTenantId("tenant id")
                 .WithClientSecret("client secret")
                 .Build();

var ewsScopes = new string[] { "https://outlook.office365.com/.default" };

var authResult = await cca.AcquireTokenForClient(ewsScopes).ExecuteAsync();

ExchangeService _service = new ExchangeService();

_service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
_service.Credentials = new OAuthCredentials(authResult.AccessToken); 
 _service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, crmEmail);

It was able to generate the token.它能够生成令牌。 But when I try to access EWS email, it came out the following exception:但是当我尝试访问 EWS 电子邮件时,出现以下异常:

The format of value 'Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Im9RSEFjaS1HWHlyTEprVFZFME5QZ0stXzdpMmpGejg5eXhiY3U2N2g3WXciLCJhbGciOiJSUzI1NiIsIng1dCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyIsImtpZCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2M4YzNkM2FkLTM3MTAtNDEwZC1iZGFhLTQyZDA4NGQ1OTVkNS8iLCJpYXQiOjE2NzE3MTk2OTksIm5iZiI6MTY3MTcxOTY5OSwiZXhwIjoxNjcxNzIzNTk5LCJhaW8iOiJFMlpnWUdqODVCUnUzdmsvZkZmM281a0h3dHA5QVE9PSIsImFwcF9kaXNwbGF5bmFtZSI6IkNSTS1FV1MiLCJhcHBpZCI6IjdlNTQ4MmI4LWMwMDAtNDM4MC04M2YxLWQwMTk4NjNlYTRiYyIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2M4YzNkM2FkLTM3MTAtNDEwZC1iZGFhLTQyZDA4NGQ1OTVkNS8iLCJvaWQiOiJjZWVmYTI0OC1iMGJjLTRlZTMtYmJhZC0xMjZhNmM0NTkyOWUiLCJyaCI6IjAuQVNvQXJkUER5QkEzRFVHOXFrTFFoTldWMVFJQUFBQUFBUEVQemdBQUFBQUFBQUFxQUFBLiIsInJvbGVzIjpbImZ1bGxfYWNjZXNzX2FzX2FwcCJdLCJzaWQiOiI0ZDQ1YTc2NS00ZTk1LTRiM2UtYWEyYy0yNDQ2MGQ2ZWQ1ZDUiLCJzdWIiOiJjZWVmYTI0OC1iMGJjLTRlZTMtYmJhZC0xMjZhNmM0NTkyOWUiLCJ0aWQiOiJjOGMzZDNhZC0zNzEwLTQxMGQtYmRhYS00MmQwODRkNTk1ZDUiLCJ1dGkiOiJPcm5WejMwQUswaVctV2hMTVI3dEFBIiwidmVyIjoiMS4wIiwid2lkcyI6WyIwOTk3YTFkMC0wZDFkLTRhY2ItYjQwOC1kNWNhNzMxMjFlOTAiXX0.rSoLFZ8uu1Nyf3utEfbaLU_dWHUXaVwKtqDNlVgisNvLaFVvkmMAGYkuanmUoWL2PFKvKXEBspFzJsX_qO02a20xCIDKZI9_CjJicDcg36CxAolCFqt50VXhhm5ebVjh9cWWeYP9DFV028VGUJRhJ7hYM8Uusmk9kuXka6pKW7SpZ0fNT_SY14sceT5RvVW3Zi1DkO0lm_6btuXolqIHXUTvbrFPN7kt-_DiOBn6oZUb-sPoWUditRGTOe_AZ-f5tKubVGcxqMPXCUs82CYxKVoXrEqJb5ISXCLHzg-TS6xbc8N1UEBAqpaLvqlYqAiclzRDBTHDgC8ob1DIxqtp9Q' is invalid.

The token was generated from AuthResult.AccessToken.令牌是从 AuthResult.AccessToken 生成的。 I've no clue where went wrong.我不知道哪里出了问题。 Any advice appreciated.任何建议表示赞赏。

1 个解决方案

解决方案1
 0  2022-12-23 13:03:52

I followed this document and compared it with yours code snippet, I have several points that want to confirm with you.我关注了这篇文档并将其与您的代码片段进行了比较,我有几点想与您确认。

Firstly, did you set the api permission correctly?首先,你是否正确设置了api权限? You may need to check if full_access_as_app permission was listed and give admin consent .您可能需要检查是否列出了full_access_as_app权限并给予管理员同意 Like screenshot below, I added the api permission but didn't grant admin consent.像下面的截图一样,我添加了 api 权限但没有授予管理员同意。

在此处输入图像描述

Then the next, the document also provide a sample which set a request header:然后接下来,文档还提供了一个设置请求头的示例:

ewsClient.HttpHeaders.Add("X-AnchorMailbox", "meganb@contoso.onmicrosoft.com");

By the way, also some preparation.顺便说一句,也有些准备。

To use the code in this article, you will need to have access to the following:要使用本文中的代码,您需要访问以下内容:

A Microsoft 365 account with an Exchange Online mailbox.具有 Exchange Online 邮箱的 Microsoft 365 帐户。 If you do not have a Microsoft 365 account, you can sign up for the Microsoft 365 Developer Program to get a free Microsoft 365 subscription.如果您没有 Microsoft 365 帐户,您可以注册 Microsoft 365 开发人员计划以获取免费的 Microsoft 365 订阅。 The Microsoft Authentication Library for .NET.适用于 .NET 的 Microsoft 身份验证库。 The EWS Managed API. EWS 托管 API。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 添加Azure Ad Oauth2 JWT令牌声明 - Adding Azure Ad Oauth2 JWT Token Claims 未使用Swagger Azure AD OAuth2令牌 - Swagger Azure AD OAuth2 token isn't used Azure AD OAuth2访问令牌请求错误-400错误的请求 - Azure AD OAuth2 Access Token Request Error - 400 Bad Request 使用OAuth2对Azure AD进行身份验证以调用WebAPI - Use OAuth2 for authentication against Azure AD to call WebAPI 从 Azure AD 接收无效的访问令牌 - Receiving invalid access token from Azure AD 如何将Daemon或Server的Azure AD OAuth2访问令牌和刷新令牌转换为C#ASP.NET Web API - How do I get Azure AD OAuth2 Access Token and Refresh token for Daemon or Server to C# ASP.NET Web API Azure 功能根 URL 使用不记名令牌/OAuth2 进行身份验证 - Azure Functions root URL authentication with bearer token/OAuth2 如何使用node-adal和OWIN配置Azure AD OAuth2? - How to configure Azure AD OAuth2 using node-adal and OWIN? 获取OAuth2刷新令牌 - Getting OAuth2 refresh token 验证 Azure AD 令牌 - Validating Azure AD token
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM