![](/img/trans.png)
[英]How do I Authenticate to AAD using Invoke-RestMethod with ClientCredential flow using certfiicate and get the token?
[英]The remote server returned an error: (400) Bad Request on invoke-restmethod using powershell
我试图使用 Powershell 拨打 api,这是脚本
$clientID = "xxxxxxxxxxxxx"
$tenantName = "xxxxxxxxxxxxxxxxxxx"
$ClientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXx"
$ReqTokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
client_Id = $clientID
Client_Secret = $clientSecret
}
$TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
$authheader = @{
'Authorization' = "Bearer $($Tokenresponse.access_token)"
}
$ssoPatchUri = 'https://graph.microsoft.com/v1.0/applications/xxxxxxxxxxxxx-b64417d8183c'
$body = @'
{
"web": @{"redirectUris" = @("https://signin.aws.amazon.com/saml")}
"identifierUris" : @("https://signin.aws.amazon.com/saml")
}
'@
Invoke-RestMethod -Headers $authheader -Uri $ssoPatchUri -Body $body -Method Patch -ContentType 'application/json' -Verbose
在我们传递 $body 参数的最后一个 invoke-restmethod 中发生的错误,我相信它是由于嵌套 json 的不正确框架造成的。这是我得到的错误。(因为我没有复制整个代码,行号将无效)
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At C:\user\test.ps1:77 char:14
+ ... $final = Invoke-RestMethod -Headers $authheader -Uri $ssoPatchUri ...
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
这是我需要传递的实际 json 数据,
{
"web": {
"redirectUris": [
"https://signin.aws.amazon.com/saml"
]
},
"identifierUris": [
"https://signin.aws.amazon.com/saml"
]
}
感谢有人可以帮助我解决这个问题
我已经使用您的代码重现了该问题。
采取的步骤。
我已同意以下权限:Application.ReadWrite.All、Directory.ReadWrite.All、Application.ReadWrite.OwnedBy
我在正文中稍微修改了代码并将内容类型放在 authheader 中。
$TenantName = "****.onmicrosoft.com" $clientID = "**********" $clientSecret = "*****************" $Scope = "https://graph.microsoft.com/.default" $ReqTokenBody = @{ Grant_Type = "client_credentials" Scope = $Scope client_Id = $clientID Client_Secret = $clientSecret } $authUri = "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" $TokenResponse = Invoke-RestMethod -Uri $authUri -Method POST -Body $ReqTokenBody $authheader = @{ "Authorization" = "Bearer $($Tokenresponse.access_token)" "Content-type" = "application/json" } $TokenResponse.access_token $ssoPatchUri = 'https://graph.microsoft.com/v1.0/applications/####' $body = '{ "web": { "redirectUris": [ "https://signin.aws.amazon.com/saml" ] }, "identifierUris": ["https://signin.aws.amazon.com/saml"] }' Invoke-RestMethod -Headers $authheader -Uri $ssoPatchUri -Method PATCH -Body $body #$v=Invoke-RestMethod -Headers $authheader -Uri "https://graph.microsoft.com/v1.0/applications/#######" -Method GET #$v #$v.web
在这里,我放置了 api 的object id而不是客户端 id(在 -Uri https://graph.microsoft.com/v1.0/applications/objectId 中)来执行PATCH请求并且它有效。当客户端时显示相同的错误使用 ID。
但是使用客户端 ID( https://graph.microsoft.com/v1.0/applications/ClientId )适用于 GET 请求。
在 uri 中使用 object id 后,重定向 uri 和标识符 uri 成功更新为 api 补丁可以通过使用 GET 请求显示。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.