Azure Data Lake Storage Gen2 access token generation - "AADSTS65001: The user or administrator has not consented to use the application with ID"

I am trying to generate access and refresh tokens so that I can log in to Azure Data Lake Storage Gen2 with an external application that allows OAuth.

What was done:

1. Created a storage account using https://docs.microsoft.com/zh-cn/azure/storage/blobs/data-lake-storage-quickstart-create-account
2. Created an Azure AD application using https://docs.microsoft.com/zh-cn/azure/active-directory/develop/howto-create-service-principal-portal
3. Granted admin consent for the application from step 2 - https://i.imgur.com/myMtkeu.png
4. Also granted admin consent for the Enterprise Application that has the same name as the application from step 2 - https://i.imgur.com/BPX48NE.png

Steps 3 and 4 were done as described here: https://docs.microsoft.com/zh-cn/azure/active-directory/manage-apps/configure-user-consent#grant-admin-consent-when-registering-an-app-in-the-azure-portal

Then I generated the authorization code:

```
https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=offline_access%20user.read%20mail.read&state=12345
```

After that, I tried to get the token:
```
curl -X POST "https://login.microsoftonline.com/<TENANT ID>/oauth2/token" \
  -F "redirect_uri=https://localhost/myapp/" \
  -F "grant_type=authorization_code" \
  -F "resource=https://management.core.windows.net/" \
  -F "client_id=<CLIENT ID>" \
  -F "client_secret=<CLIENT SECRET>" \
  -F "code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557..."  # authorization code
```
As a result, I received the following error:

```
"error":"invalid_grant","error_description":"AADSTS65001:
The user or administrator has not consented to use the application with ID
'<CLIENT ID>' named '<APP NAME>'. Send an interactive authorization request
for this user and resource.\r\nTrace ID: <TRACE ID>\r\nCorrelation ID:
<CORRELATION ID>\r\nTimestamp: 2019-09-03 13:31:50Z","error_codes":[65001],
"timestamp":"2019-09-03 13:31:50Z","trace_id":"<TRACE ID>",
"correlation_id":"<CORRELATION ID>","suberror":"consent_required"
```
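You got the authorization code by using the v2.0 endpoint, but you used v1.0 when getting the token. The resource value is also not correct.

Try the following.

Get the authorization code:

```
https://login.microsoftonline.com/<TENANT ID>/oauth2/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&resource=https://datalake.azure.net/&state=12345
```

Get the token: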
```
curl -X POST "https://login.microsoftonline.com/<TENANT ID>/oauth2/token" \
  -F "redirect_uri=https://localhost/myapp/" \
  -F "grant_type=authorization_code" \
  -F "resource=https://datalake.azure.net" \
  -F "client_id=<CLIENT ID>" \
  -F "client_secret=<CLIENT SECRET>" \
  -F "code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557..."  # authorization code
```
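
The two mismatches named in the answer above (endpoint version and requested resource) can be checked before a code is redeemed. The following is an added example, not part of the original posts; the function names, the `TENANT`/`CLIENT` placeholders and the trailing-slash normalization are assumptions of this sketch.

```python
from urllib.parse import urlsplit, parse_qs

def endpoint_version(url):
    """'v2.0' when the path contains /oauth2/v2.0/, otherwise 'v1.0'."""
    return "v2.0" if "/oauth2/v2.0/" in urlsplit(url).path else "v1.0"

def norm(resource):
    # Assumption of this example: resource URIs are compared ignoring case and a trailing slash.
    return resource.rstrip("/").lower()

def check_code_flow(authorize_url, token_url, token_form):
    """Return a list of mismatches between an authorize request and its token request."""
    findings = []
    auth = {k: v[0] for k, v in parse_qs(urlsplit(authorize_url).query).items()}
    a_ver, t_ver = endpoint_version(authorize_url), endpoint_version(token_url)
    if a_ver != t_ver:
        findings.append(f"endpoint mismatch: code issued by {a_ver}, redeemed at {t_ver}")
    wanted = token_form.get("resource")
    if wanted:
        if "resource" not in auth:
            # The v2.0 authorize request names what it wants via `scope`, not `resource`.
            findings.append(f"token request names resource {wanted}, but the authorize "
                            f"request only asked for scopes: {auth.get('scope', '(none)')}")
        elif norm(auth["resource"]) != norm(wanted):
            findings.append(f"resource mismatch: authorized {auth['resource']}, requested {wanted}")
    return findings

# Constructed sample requests modelled on the question and the answer.
BASE = "https://login.microsoftonline.com/TENANT"
COMMON = "client_id=CLIENT&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&state=12345"
QUESTION = (f"{BASE}/oauth2/v2.0/authorize?{COMMON}&scope=offline_access%20user.read%20mail.read",
            f"{BASE}/oauth2/token",
            {"grant_type": "authorization_code", "resource": "https://management.core.windows.net/"})
ANSWER = (f"{BASE}/oauth2/authorize?{COMMON}&resource=https://datalake.azure.net/",
          f"{BASE}/oauth2/token",
          {"grant_type": "authorization_code", "resource": "https://datalake.azure.net"})

if __name__ == "__main__":
    for label, flow in (("question", QUESTION), ("answer", ANSWER)):
        print(label, check_code_flow(*flow) or "consistent")
```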