[英]'AADSTS70000: Transmission data parser failure: Authorization Code is malformed or invalid
使用Microsoft帳戶驗證用戶身份時遇到麻煩。 我正在使用OpenId Connect身份驗證,但是當我調用AcquireTokenByAuthorizationCodeAsync方法時,會收到以下消息。
引發異常:System.Private.CoreLib.dll中的'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException':'AADSTS70000:傳輸數據解析器失敗:授權代碼格式錯誤或無效。
auth選項如下:
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
}).AddOpenIdConnect(openIdOptions =>
{
openIdOptions.ResponseType = OpenIdConnectResponseType.CodeIdToken;
openIdOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}{1}", "common", "/v2.0");
openIdOptions.ClientId = Configuration["MicrosoftAuth:ClientId"];
openIdOptions.ClientSecret = Configuration["MicrosoftAuth:ClientSecret"];
openIdOptions.SaveTokens = true;
openIdOptions.TokenValidationParameters = new TokenValidationParameters{
ValidateIssuer = false
};
var scopes = Configuration["MicrosoftAuth:Scopes"].Split(' ');
foreach (string scope in scopes){
openIdOptions.Scope.Add(scope);
}
openIdOptions.Events = new OpenIdConnectEvents{
OnAuthorizationCodeReceived = async (context) =>
{
var code = context.ProtocolMessage.Code;
var identifier = context.Principal.Claims.First(item => item.Type == ObjectIdentifierType).Value;
IMemoryCache memoryCache = context.HttpContext.RequestServices.GetRequiredService<IMemoryCache>();
var result = await GetTokenByAuthorizationCodeAsync(identifier, code, memoryCache);
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
},
};
});
這就是我的GetTokenByAuthorizationCodeAsync的樣子(我知道它並不漂亮,只是試圖使其工作):
public async Task<AuthenticationResult> GetTokenByAuthorizationCodeAsync(string userId, string code, IMemoryCache memoryCache)
{
TokenCache userTokenCache = new SessionTokenCache(userId, memoryCache).GetCacheInstance();
try
{
AuthenticationContext authContext = new AuthenticationContext("https://login.microsoftonline.com/common/oauth2/v2.0/token/", userTokenCache);
ClientCredential credential = new ClientCredential(Configuration["MicrosoftAuth:ClientId"], Configuration["MicrosoftAuth:ClientSecret"]);
string[] scope = new List<String>().Append("https://graph.windows.net").ToArray();
AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(code,new Uri(Configuration["MicrosoftAuth:RedirectUri"]), credential, Configuration["MicrosoftAuth:ResourceId"]);
return result;
}
catch (Exception)
{
return null;
}
}
我不知道是什么原因引起的錯誤。 如果我發送郵遞員請求,則可以使用授權碼,但仍無法在該請求中添加資源ID。
我已經在Microsoft的應用程序注冊門戶( https://apps.dev.microsoft.com/ )中注冊了該應用程序。
您正在使用Microsoft.IdentityModel.Clients.ActiveDirectory
庫獲取訪問令牌。 該庫用於Azure AD應用程序,該應用程序在Azure門戶而不是Azure AD v2.0終結點上注冊。
要獲取Azure AD V2.0應用程序的令牌,我們可以使用MSAL庫。 這是代碼示例供您參考:
OnAuthorizationCodeReceived = async (context) =>
{
var code = context.ProtocolMessage.Code;
ConfidentialClientApplication cca =
new ConfidentialClientApplication(Configuration["AzureAD:ClientId"], Configuration["AzureAd:PostLogoutRedirectUri"]+ "signin-oidc", new ClientCredential(Configuration["AzureAD:Secret"]), null, null);
var result =await cca.AcquireTokenByAuthorizationCodeAsync(code,new string[]{"user.read"});
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.