Azure Data Lake Storage Gen2 access token generation - "AADSTS65001: The user or administrator has not consented to use the application with ID
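I am trying to generate access and refresh tokens so that I can log in to Azure Data Lake Storage Gen2 with an external application that allows OAuth.

What was done:

1. Created a storage account using https://docs.microsoft.com/zh-cn/azure/storage/blobs/data-lake-storage-quickstart-create-account
2. Created an Azure AD application using https://docs.microsoft.com/zh-cn/azure/active-directory/develop/howto-create-service-principal-portal
3. Granted admin consent for the permissions of the application from step 2 - https://i.imgur.com/myMtkeu.png
4. Also granted admin consent for the Enterprise Application whose name is that of the application from step 2 - https://i.imgur.com/BPX48NE.png

Steps 3 and 4 were done as described here - https://docs.microsoft.com/zh-cn/azure/active-directory/manage-apps/configure-user-consent#grant-admin-consent-when-registering-an-app-in-the-azure-portal

Then I generated the authorization code: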
https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=offline_access%20user.read%20mail.read&state=12345
After that, I tried to get the token:

```
curl -X POST https://login.microsoftonline.com/<TENANT ID>/oauth2/token \
-F redirect_uri=https://localhost/myapp/ \
-F grant_type=authorization_code \
-F resource=https://management.core.windows.net/ \
-F client_id=<CLIENT ID> \
-F client_secret=<CLIENT SECRET> \
-F code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557...  # (Authorization code)
```

As a result, I received the following error:
```
"error":"invalid_grant","error_description":"AADSTS65001:
The user or administrator has not consented to use the application with ID
'<CLIENT ID>' named '<APP NAME>'. Send an interactive authorization request
for this user and resource.\r\nTrace ID: <TRACE ID>\r\nCorrelation ID:
<CORRELATION ID>\r\nTimestamp: 2019-09-03 13:31:50Z","error_codes":[65001],
"timestamp":"2019-09-03 13:31:50Z","trace_id":"<TRACE ID>",
"correlation_id":"<CORRELATION ID>","suberror":"consent_required"
```
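
You obtained the authorization code by using the v2.0 endpoint, but used v1.0 when getting the token. The resource value is not correct.

Please try the following.

Get the authorization code: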
https://login.microsoftonline.com/<TENANT ID>/oauth2/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&resource=https://datalake.azure.net/&state=12345
Get the token:

```
curl -X POST https://login.microsoftonline.com/<TENANT ID>/oauth2/token \
-F redirect_uri=https://localhost/myapp/ \
-F grant_type=authorization_code \
-F resource=https://datalake.azure.net \
-F client_id=<CLIENT ID> \
-F client_secret=<CLIENT SECRET> \
-F code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557...  # (Authorization code)
```
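
The mismatch described in this answer can be checked before any request is sent. The following is an added example, not part of the original post: it compares the endpoint version and the consented resource of an authorize URL with those of the token request. The function names, `TENANT_ID` and `CLIENT_ID` are hypothetical placeholders, and the sample URLs are constructed from the ones on this page.

```python
from urllib.parse import urlsplit, parse_qs

GRAPH = "https://graph.microsoft.com"  # v2.0 resolves unprefixed scopes to Microsoft Graph
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
BASE = "https://login.microsoftonline.com/TENANT_ID/oauth2"  # constructed placeholder

# Constructed inputs modelled on the two authorize requests shown on this page.
QUESTION_AUTH = (BASE + "/v2.0/authorize?client_id=CLIENT_ID&response_type=code"
                 "&scope=offline_access%20user.read%20mail.read&state=12345")
ANSWER_AUTH = (BASE + "/authorize?client_id=CLIENT_ID&response_type=code"
               "&resource=https://datalake.azure.net/&state=12345")
TOKEN_URL = BASE + "/token"

def endpoint_version(url):
    """Return 'v2.0' or 'v1.0' based on the Azure AD endpoint path."""
    return "v2.0" if "/oauth2/v2.0/" in urlsplit(url).path else "v1.0"

def norm(resource):
    """Compare resource URIs without regard to case or a trailing slash."""
    return resource.rstrip("/").lower()

def requested_audiences(authorize_url):
    """Resources the user is asked to consent to by the authorize request."""
    q = parse_qs(urlsplit(authorize_url).query)
    if endpoint_version(authorize_url) == "v1.0":
        return {norm(r) for r in q.get("resource", [])}
    audiences = set()
    for scope in q.get("scope", [""])[0].split():
        if scope.lower() in OIDC_SCOPES:
            continue                      # protocol scopes name no resource
        if "://" in scope:                # <resource URI>/<permission>
            audiences.add(norm(scope.rsplit("/", 1)[0]))
        else:
            audiences.add(GRAPH)
    return audiences

def check_flow(authorize_url, token_url, token_form):
    """Return a list of inconsistencies between the two legs of the code flow."""
    problems = []
    a, t = endpoint_version(authorize_url), endpoint_version(token_url)
    if a != t:
        problems.append(f"endpoint mismatch: code issued by {a}, redeemed at {t}")
    consented = requested_audiences(authorize_url)
    wanted = norm(token_form.get("resource", ""))
    if t == "v1.0" and wanted not in consented:
        problems.append(f"resource {wanted!r} not among consented {sorted(consented)}")
    return problems
```

Run against the question's requests, `check_flow` reports both the endpoint mismatch and the unconsented resource; run against the answer's requests, it reports nothing.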