在 Azure Active Directory B2C 错误中请求访问令牌

问题描述 投票:0回答:1

我尝试从 Azure B2C 交换访问令牌,以便在用户注册或登录后立即识别用户的 oid,但每次发出请求时,都会遇到以下错误消息:

Status 404 Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

我遵循的指南来自 Microsoft 的页面:https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens

POST <tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
Host: <tenant-name>.b2clogin.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=<application-ID>
&scope=<application-ID-URI>/<scope-name>
&code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
&redirect_uri=https://jwt.ms
&client_secret=2hMG2-_:y12n10vwH...

这是我用来代替 Microsoft 示例的内容:

URL: dev.mycompanyname.net.b2clogin.com/devb2c.dev.mycompanyname.net.onmicrosoft.com/B2C_1_Sign/oauth2/v2.0/token

dev.mycompanyname.net is retrieved from either (Microsoft Entra ID -> Overview -> Primary domain) or (Azure AD B2C -> Overview -> Domain Name) Both gave me 'dev.mycompanyname.net'

B2C_1_Sign is retrieved from (Azure AD B2C --> Policies --> User Flows --> Name -->  'A policy I used to sign in, the exact name')

grant_type=authorization_code

client_id=I got this value from (App Registration --> My App --> Overview --> Application (client) ID)

code=(The exact code after ?code=, when the sign up or sign in process finish and my callback, or redirect gets called)

redirect_uri=(App Registration --> My App --> Managed --> Authentication --> Redirect URls)

client_secret=I got this from (App Registration --> My App --> Managed --> Certificates & Secrets --> Value)

I removed scope as I didn't have any scope added.

这是 Postman 的屏幕截图及其值:

enter image description here

这是我的标题:

Content-Type: application/x-www-form-urlencoded
Host: dev.mycompanyname.net.b2clogin.com

enter image description here

我将租户名称与我所看到的域名一起使用:

enter image description here

我已添加并匹配我的重定向网址。

我在这里缺少什么,为什么我无法用代码交换访问令牌?




解决方案:

谢谢@Sridevi,我的网址确实不正确。由于某种原因,我获得的租户名称不正确,尽管 Microsoft 告诉我要查看该名称。对于在 URL 上遇到类似问题并认为这是他们的租户名称的任何人,我从清单中获得了不同的租户名称。

Azure Home -> App Registration -> All Apps -> 'Choose your App' -> Manage -> Manifest -> publisherDomain -> 'Value'.onmicrosoft.com

我的是:
“publisherDomain”:“clientdevb2c.onmicrosoft.com”

我抓住了“clientdevb2c”部分作为我的租户名称。

azure azure-active-directory postman azure-ad-b2c access-token
1个回答
1
投票

最初,我在 Azure AD B2C 租户中注册了一个重定向 URI 为

https://jwt.ms
的应用程序:

enter image description here

现在,我启用了应用程序 ID URI 并公开了具有以下范围的 API:

enter image description here

确保在

API permissions
中添加此范围并授予管理员同意:

enter image description here

要请求访问令牌,您需要授权码。您可以在浏览器中运行以下授权请求来获取代码:

GET https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
client_id=<application-ID>
&nonce=anyRandomValue
&redirect_uri=https://jwt.ms
&scope=<application-ID-URI>/<scope-name>
&response_type=code

enter image description here

身份验证成功后,您将在地址栏中获得

code
值,如下所示:

enter image description here

要在 Azure AD B2C 中请求访问令牌,我在 Postman 中使用以下参数并得到如下响应:

POST https://b2ctenantname.b2clogin.com/b2ctenantname.onmicrosoft.com/B2C_1_SignIn/oauth2/v2.0/token
grant_type:authorization_code
client_id:appId
scope: https://b2ctenantname.onmicrosoft.com/appId/Files.Read
code: <code from above request>
redirect_uri: https://jwt.ms
client_secret: secret

回复:

enter image description here

您可以在 jwt.ms 网站中解码此访问令牌,以查找登录用户的对象 ID:

enter image description here

如果您在运行令牌请求时在 B2C 租户名称中包含任何“额外/无效”字符,通常会发生您遇到的错误。

当我在租户名称中使用额外字符

-

 运行相同的令牌请求时,我也遇到了
相同的错误,如下所示: POST https://b2c-tenant-name.b2clogin.com/b2c-tenant-name.onmicrosoft.com/B2C_1_SignIn/oauth2/v2.0/token grant_type:authorization_code client_id:appId scope: https://b2ctenantname.onmicrosoft.com/appId/Files.Read code: <code from above request> redirect_uri: https://jwt.ms client_secret: secret

回复:

enter image description here 对于您的情况,请确保在令牌请求中正确传递您的 Azure AD B2C 租户名称。

© www.soinside.com 2019 - 2024. All rights reserved.