I followed this tutorial and have gotten to the point where I am decoding the returned token and extracting the email address (which should be stored in the preferred_username property), i.e., the following code:
require 'base64'
require 'json'
# Decode the token and read the email claim from it
decoded_token = Base64.urlsafe_decode64(encoded_token)
jwt = JSON.parse(decoded_token)
email = jwt['preferred_username']
The problem is that the object returned doesn't contain this property, what I do get back is similar to below:
{
"ver":"2.0",
"iss":"https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
"aud":"0ab6433e-84fc-469b-8c72-41f7a0241a61",
"exp":1458142389,
"iat":1458055989,
"at_hash":"0OYaLKpTTdHNBrQNOqwQ0Q",
"sub":"AAAAAAAAAAAAAAAAAAAAAC1TrOaOmvInYrFAyrQjlFI",
"tid":"9188040d-6c67-4c5b-b112-36a304b66dad"
}
A quick glance at the spec indicates I am getting the correct object back from Office 365, as preferred_username is mentioned as a potential claim, but it isn't in the object I get back.
It's possible I'm not calling the get_token function with the correct parameters, but the documentation for the library is pretty sparse, so I can't really tell.
I have raised an issue on GitHub.
Is this an error on the Office 365 end, an error with the tutorial, or am I doing something wrong myself?
I tried to reproduce this issue using a normal HTTP request; however, I could get the preferred_username property successfully.
As far as I know, we can get this property only when we specify the openid scope in the request. To narrow down this issue, I suggest that you try using Fiddler or Postman without Ruby.
Here is the test using a web browser and Fiddler to get the ID token, for your reference:
Replace the auth code from the previous request and use Fiddler to post the request to get the tokens:
POST: https://login.microsoftonline.com/common/oauth2/v2.0/token

grant_type=authorization_code&client_id={ClientID}&scope=https%3A%2F%2Foutlook.office.com%2Fmail.read%20https%3A%2F%2Foutlook.office.com%2Fmail.send%20openid&redirect_uri=http%3A%2F%2Flocalhost%3A55065%2F&client_secret={ClientSecret}&code={AuthCode}
Decode the ID token from the link below:
Then I could get the preferred_username property from the ID token successfully.
Answered here by Jason Johnston from Microsoft (author of the tutorial):
The Azure team deployed a breaking change to their v2 auth endpoint, which is causing the preferred_username to not be present. You need to add profile to the SCOPES array in auth_helper.rb. I'll post an update to the tutorial after the Build conference.
The SCOPES array in auth_helper.rb now looks like so:
SCOPES = [ 'openid', 'https://outlook.office.com/mail.read', 'profile' ]
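The following Ruby sketch is an added example, not code from the tutorial or from either answer. It decodes the payload segment of an ID token, restores the base64 padding that JWT segments omit, and reports which of the scopes named above are missing from the request when preferred_username is absent. The function names, REQUIRED_SCOPES and the sample tokens are hypothetical and constructed here; the payload is decoded without verifying the token signature.

```ruby
require 'base64'
require 'json'

# Scopes named in the answers above: openid yields an ID token,
# profile restores the preferred_username claim.
REQUIRED_SCOPES = %w[openid profile].freeze

# Decode the payload (middle segment) of a JWT. The signature is NOT
# verified here, so the claims are only as trustworthy as the channel.
def decode_id_token_payload(id_token)
  segments = id_token.to_s.split('.')
  raise ArgumentError, 'expected three dot-separated segments' unless segments.length == 3

  payload = segments[1]
  # JWT segments drop the trailing '=' padding; put it back before decoding.
  payload += '=' * ((4 - payload.length % 4) % 4)
  JSON.parse(Base64.urlsafe_decode64(payload))
end

# Return preferred_username, or raise a KeyError that names the scopes
# missing from the request instead of silently returning nil.
def email_from_id_token(id_token, requested_scopes)
  claims = decode_id_token_payload(id_token)
  email = claims['preferred_username']
  return email if email

  missing = REQUIRED_SCOPES - requested_scopes
  hint = missing.empty? ? 'all expected scopes were requested' : "add #{missing.join(', ')} to SCOPES"
  raise KeyError, "preferred_username claim absent (#{hint})"
end

# Build an unsigned sample token for the demonstration (constructed data).
def build_sample_token(claims)
  encode = ->(obj) { Base64.urlsafe_encode64(JSON.generate(obj)).delete('=') }
  [encode.call({ 'alg' => 'none' }), encode.call(claims), 'constructed-signature'].join('.')
end

if __FILE__ == $PROGRAM_NAME
  token = build_sample_token({ 'ver' => '2.0', 'sub' => 'constructed-subject' })
  begin
    email_from_id_token(token, ['openid', 'https://outlook.office.com/mail.read'])
  rescue KeyError => e
    puts e.message
  end
end
```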