Error "AADSTS50194: Application 'xxxxxxxx' is not configured as a multi-tenant application" when using 'azure/msal-browser' reactjs package
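I have an SPA application that is trying to sign in to Azure AD using the 'azure/msal-browser' reactjs package.
The app is set up to use single-tenant authentication in the Azure app registration. The authConfig.js file is also set up to use single-tenant authentication, but I keep getting the error message: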
AADSTS50194: Application 'xxxxxxxx' is not configured as a multi-tenant application
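I found similar posts, but they all point to setting the authority parameter, which I have already done.
The scenario I am trying to implement is silent login with page redirection. This is the official sample I based my implementation on.
Here are the steps to reproduce:
Install msal-browser
Configure the AuthConfig.js file according to your app registration: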
const msalConfig = {
    auth: {
        clientId: "Application (client) ID",
        authority: "https://login.microsoftonline.com/<Directory (tenant) ID>/",
        redirectUri: "<app url(must be a allowed URL redirect for SPA application type)>"
    },
    ...
export const loginRequest = {
    scopes: ["openid", "User.Read"]
};
And the code that acquires the token:
import { PublicClientApplication } from "@azure/msal-browser";
import { loginRequest} from "../../authConfig";

// this is my simplified version of the method `getTokenRedirect` present in the sample.
export const acquireIdToken = async (msalInstanceParam) => {
    const msalInstance = new PublicClientApplication(loginRequest);
    const activeAccount = msalInstance.getActiveAccount();
    const accounts = msalInstance.getAllAccounts();
    const request = {
        scopes: ["User.Read"],
        account: activeAccount || accounts[0]
    };
    const authResult = await msalInstance.acquireTokenSilent(request); //throws http code 400 error with message 'AADSTS50194 ...'
    return authResult.idToken
};
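Interestingly, I am able to log in successfully, get redirected to the SPA application, acquire the token, and retrieve the username from the token, but for some reason the application calls https://login.microsoftonline.com/common/oauth2/v2.0/token and I get this error in the console.
Any clues?
Browser logs (update):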
[HMR] Waiting for update signal from WDS...
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/msal-react@1.3.1 : Info - useAccount - Updating account
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/msal-browser@2.22.1 : Info - Emitting event: msal:handleRedirectStart
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/msal-react@1.3.1 : Info - MsalProvider - msal:handleRedirectStart results in setting inProgress from startup to handleRedirect
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : [78728aa2-9ecd-4399-994a-4d8ab8801b13] : msal.js.browser@2.22.1 : Info - handleRedirectPromise called but there is no interaction in progress, returning null.
RequestInterceptor.tsx:27 Wrapped Fetch started for resource planning
GetToken.js:22 acquire token ...
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/msal-react@1.3.1 : Info - useAccount - Updating account
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/msal-browser@2.22.1 : Info - Emitting event: msal:handleRedirectEnd
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/msal-react@1.3.1 : Info - MsalProvider - msal:handleRedirectEnd results in setting inProgress from handleRedirect to none
RequestInterceptor.tsx:27 Wrapped Fetch started for resource https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/msal-react@1.3.1 : Info - useAccount - Updating account
RequestInterceptor.tsx:27 Wrapped Fetch started for resource https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
RequestInterceptor.tsx:27 Wrapped Fetch started for resource https://login.microsoftonline.com/common/oauth2/v2.0/token
RequestInterceptor.tsx:33
RequestInterceptor.tsx:33 POST https://login.microsoftonline.com/common/oauth2/v2.0/token 400 (Bad Request)
Apparently, judging from the logs, the endpoint discovery provides an authority URL that overrides the setting:
https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
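First, the authority needs to target the organizations (for work or school accounts) or common (for all of the above plus personal accounts) endpoint, rather than being tenant-specific. For example: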
{
authority: "https://login.microsoftonline.com/organizations/",
// authority: "https://login.microsoftonline.com/common/",
}
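Finally, you need to configure your app registration as multi-tenant. Update its app manifest and make sure signInAudience is set to AzureADMultipleOrgs or AzureADandPersonalMicrosoftAccount. The latter requires accessTokenAcceptedVersion to be set to 2.
Cheers!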
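The mismatch this thread is about, as an added example that is not part of the original question or answer: a small Node.js check that works out which authority a client configuration object really yields and compares it with the app registration's signInAudience. The function names, placeholder GUIDs and sample objects are constructed for illustration; the fallback to the /common authority when no auth.authority is present is MSAL.js's default.

```javascript
// Added example, not code from the thread. MSAL.js falls back to this
// authority when the client configuration has no auth.authority.
const DEFAULT_AUTHORITY = "https://login.microsoftonline.com/common/";
const SHARED_ENDPOINTS = new Set(["common", "organizations"]);

// Authority the client will use for the object handed to
// PublicClientApplication: only auth.authority is consulted.
function effectiveAuthority(clientConfig) {
  const auth = (clientConfig && clientConfig.auth) || {};
  return auth.authority || DEFAULT_AUTHORITY;
}

// First path segment: a tenant id/domain, or a shared endpoint name.
function tenantSegment(authority) {
  return new URL(authority).pathname.split("/").filter(Boolean)[0] || "";
}

// Returns findings; an empty list means config and registration agree.
function checkAuthority(clientConfig, signInAudience) {
  const findings = [];
  const configured = ((clientConfig || {}).auth || {}).authority;
  const segment = tenantSegment(effectiveAuthority(clientConfig)).toLowerCase();
  if (!configured) {
    findings.push(`no auth.authority in config, falling back to ${DEFAULT_AUTHORITY}`);
  }
  if (SHARED_ENDPOINTS.has(segment) && signInAudience === "AzureADMyOrg") {
    findings.push(`single-tenant registration (AzureADMyOrg) on shared endpoint /${segment}`);
  }
  return findings;
}

// Constructed sample values (placeholder GUIDs, not a real tenant or app).
const sampleMsalConfig = {
  auth: {
    clientId: "00000000-0000-0000-0000-000000000000",
    authority: "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/",
  },
};
const sampleLoginRequest = { scopes: ["openid", "User.Read"] };
const sampleOrgConfig = {
  auth: { authority: "https://login.microsoftonline.com/organizations/" },
};

console.log(checkAuthority(sampleMsalConfig, "AzureADMyOrg"));       // tenant-specific authority
console.log(checkAuthority(sampleLoginRequest, "AzureADMyOrg"));     // request object used as config
console.log(checkAuthority(sampleOrgConfig, "AzureADMultipleOrgs")); // shared endpoint, multi-tenant app
```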