[英]Azure Data Lake Storage Gen2 access token generation - "AADSTS65001: The user or administrator has not consented to use the application with ID
我正在嘗試生成訪問和刷新令牌,以便能夠使用帶有允許OAuth的外部應用程序登錄到Azure Data Lake Storage Gen2。
做了什么:
使用https://docs.microsoft.com/zh-cn/azure/storage/blobs/data-lake-storage-quickstart-create-account創建的存儲帳戶
使用https://docs.microsoft.com/zh-cn/azure/active-directory/develop/howto-create-service-principal-portal創建了Azure AD應用程序
從第二步開始授予管理員同意申請的權限-https: //i.imgur.com/myMtkeu.png
還授予管理員對企業應用程序的同意,其名稱為步驟2中的應用程序https://i.imgur.com/BPX48NE.png
步驟3和步驟4如此處所述-https: //docs.microsoft.com/zh-cn/azure/active-directory/manage-apps/configure-user-consent#grant-admin-consent-when-registering-一個應用內-內式天青門戶
然后我生成了授權碼
https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=offline_access%20user.read%20mail.read&state=12345
之后,我嘗試獲取令牌
curl -X POST https://login.microsoftonline.com/<TENANT ID>/oauth2/token \
-F redirect_uri=https://localhost/myapp/ \
-F grant_type=authorization_code \
-F resource=https://management.core.windows.net/ \
-F client_id=<CLIENT ID> \
-F client_secret=<CLIENT SECRET> \
-F code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557... (Authorization code)
結果收到以下錯誤
"error":"invalid_grant","error_description":"AADSTS65001:
The user or administrator has not consented to use the application with ID
'<CLIENT ID>' named '<APP NAME>'. Send an interactive authorization request
for this user and resource.\r\nTrace ID: <TRACE ID>\r\nCorrelation ID:
<CORRELATION ID>\r\nTimestamp: 2019-09-03 13:31:50Z","error_codes":[65001],
"timestamp":"2019-09-03 13:31:50Z","trace_id":"<TRACE ID>",
"correlation_id":"<CORRELATION ID>","suberror":"consent_required"```
您通過使用V2.0端點獲得了授權代碼,但是在獲得令牌時使用了v1.0。 資源價值不正確。
請嘗試以下
獲取授權碼
https://login.microsoftonline.com/<TENANT ID>/oauth2/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&resource=https://datalake.azure.net/&state=12345
獲得令牌
curl -X POST https://login.microsoftonline.com/<TENANT ID>/oauth2/token \
-F redirect_uri=https://localhost/myapp/ \
-F grant_type=authorization_code \
-F resource=https://datalake.azure.net \
-F client_id=<CLIENT ID> \
-F client_secret=<CLIENT SECRET> \
-F code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557... (Authorization code)
AADSTS65001:用戶或管理員未同意使用帶有 ID 的應用程序
[英]AADSTS65001: The user or administrator has not consented to use the application with ID
Azure AD - AADSTS65001:用戶或管理員未同意使用具有 ID 的應用程序
[英]Azure AD - AADSTS65001: The user or administrator has not consented to use the application with ID
AADSTS65001:用戶或管理員未同意使用 ID 為“的應用程序”<application ID>
[英]AADSTS65001: The user or administrator has not consented to use the application with ID '<application ID>
AADSTS65001:用戶或管理員未同意使用 ID 為“XYZXYZXYZ”的應用程序
[英]AADSTS65001: The user or administrator has not consented to use the application with ID " XYZXYZXYZ"
“AADSTS65001:用戶或管理員未同意使用 ID 為“PowerBI”的應用程序。發送交互式授權請求
[英]"AADSTS65001: The user or administrator has not consented to use the application with ID '' named 'PowerBI'. Send an interactive authorization request
“AADSTS65001:用戶或管理員未同意使用該應用程序”但管理員已同意
[英]"AADSTS65001: The user or administrator has not consented to use the application" but the Admin has consented
AADSTS90008:用戶或管理員未同意使用帶有 ID 的應用程序
[英]AADSTS90008: The user or administrator has not consented to use the application with ID
對於 IMAP.AccessAsUser.All Scope ADSTS65001:用戶或管理員未同意使用該應用程序
[英]For IMAP.AccessAsUser.All Scope ADSTS65001: The user or administrator has not consented to use the application
如何使用租戶 ID、客戶端 ID 和客戶端機密連接和管理 Azure Data Lake Storage Gen2 中的目錄和文件?
[英]How can I use tenant id, client id and client secret to connect to and manage directories and files in Azure Data Lake Storage Gen2?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.