Microsoft Teams SSO - 尝试使用 SSO 从团队应用程序检索令牌时出现 2400 错误

问题描述 投票:0回答:1

Microsoft Teams SSO 集成:SSO 窗口打开时出现错误 

2400

我正在致力于将 Angular 应用程序集成到 Microsoft Teams 中,并使用 SSO 通过 Azure AD 对用户进行身份验证。但是,我遇到了似乎无法解决的问题。

当前设置:

  • 应用程序托管:该应用程序托管在 

    https://www.myexampleapp.com/test

  • Azure AD 应用程序 ID URI

    api://www.myexampleapp.com/test/12345678-abcd-efgh-ijkl-9876543210

  • 团队清单

    {
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",
  "manifestVersion": "1.16",
  "version": "1.0.2",
  "id": "12345678-abcd-efgh-ijkl-9876543210",
  "packageName": "com.example.teams-tab-app",
  "developer": {
    "name": "Your Name",
    "websiteUrl": "https://example.com",
    "privacyUrl": "https://example.com",
    "termsOfUseUrl": "https://example.com"
  },
  "name": {
    "short": "Teams Tab App",
    "full": "Teams Tab Application"
  },
  "description": {
    "short": "A simple app",
    "full": "This is a simple app built with Angular."
  },
  "staticTabs": [
    {
      "entityId": "exampleTab",
      "name": "Example Tab",
      "contentUrl": "https://www.myexampleapp.com/test",
      "context": ["personalTab", "channelTab"],
      "scopes": ["personal", "team"]
    }
  ],
  "permissions": ["identity", "messageTeamMembers"],
  "validDomains": ["www.myexampleapp.com"],
  "icons": {
    "color": "color.png",
    "outline": "outline.png"
  },
  "accentColor": "#FF5733",
  "webApplicationInfo": {
    "id": "12345678-abcd-efgh-ijkl-9876543210",
    "resource": "api://www.myexampleapp.com/test/12345678-abcd-efgh-ijkl-9876543210"
  }
}

  • 获取代币的角度代码

    async ngOnInit() {
  microsoftTeams.initialize();
  await this.getAuthToken();
}

async getAuthToken() {
  try {
    this.authToken = await microsoftTeams.authentication.getAuthToken();
    console.log('Authentication token:', this.authToken);
  } catch (error) {
    console.error('Error retrieving token:', error);
  }
}

  • API权限:

    • User.Read
    • Files.Read.All
    • (与网站集和访问审核相关的其他权限)

问题:

  1. 错误2400:当应用程序尝试获取身份验证令牌时,我遇到以下错误: 
    Error: Error: ApiContractViolation {"Description":"Embedded browser flow resulted in 'invalid_client' with description '(pii)'","ErrorCode":"2400","Message":"The operation attempted is invalid."}

任何帮助或指导将不胜感激!

请参阅附图:

Example

azure-active-directory single-sign-on microsoft-teams
1个回答
0
投票

PII 是个人身份信息。如果 Microsoft Teams SSO 由于 PII 引发错误,并显示

“invalid_client”,描述为“(pii)”

那么您的客户端无效的原因是它包含 PII,这是可用于识别该人的信息。例如,这违反了欧洲 GDPR

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.