I'm trying to get a bearer token through PowerShell, but I keep getting an error saying the secret is invalid.
Invoke-RestMethod : {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret
being sent in the request is the client secret value, not the client secret ID, for a secret added to app
I have tried/created several different secret values; they have not expired and are definitely valid.
Here is the script I'm using:
Function Connect-MgGraph -clientID 'CLIENTID' -tenantID 'TENANTID' -clientSecret 'SECRETVALUE' {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)]
        [string]$clientID,
        [Parameter(Mandatory)]
        [string]$tenantID,
        [Parameter(Mandatory)]
        [string]$clientSecret
    )
    begin {
        $ReqTokenBody = @{
            Grant_Type    = "client_credentials"
            Scope         = "https://graph.microsoft.com/.default"
            client_Id     = $clientID
            Client_Secret = $clientSecret
        }
    }
    process {
        $tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
    }
    end {
        return $tokenResponse
    }
}
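The actual code inside the function is fine. The problem is in how you pass and receive the variables. You can try the following, which should work. The last line calls the function you defined.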
Function Connect-MgGraph {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)]
        [string]$clientID,
        [Parameter(Mandatory)]
        [string]$tenantID,
        [Parameter(Mandatory)]
        [string]$clientSecret
    )
    begin {
        # Debug output to confirm the arguments reached the function.
        # Remove once it works: the last line prints the secret to the console.
        Write-Host $clientID
        Write-Host $tenantID
        Write-Host $clientSecret
        # Form body for the OAuth 2.0 client credentials grant
        $ReqTokenBody = @{
            Grant_Type    = "client_credentials"
            Scope         = "https://graph.microsoft.com/.default"
            client_Id     = $clientID
            Client_Secret = $clientSecret
        }
    }
    process {
        $tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
    }
    end {
        return $tokenResponse
    }
}
# Placeholders are quoted so the line parses; replace them with your own values.
Connect-MgGraph -clientID '<your-client-id>' -tenantID '<your-tenant-id>' -clientSecret '<your-secret>'
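
As an added example (not part of the original question or answer), the functions below run a local check for the mix-up named in the AADSTS7000215 message, a secret ID passed instead of the secret value, before requesting the token, and take the secret as a SecureString instead of printing it. The names Test-ClientSecretInput and Get-GraphAppToken are hypothetical.

```powershell
# Added example; Test-ClientSecretInput and Get-GraphAppToken are hypothetical names.
function Test-ClientSecretInput {
    # Returns the problems found in the supplied secret string (nothing if none).
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Secret)
    $parsed = [guid]::Empty
    if ([string]::IsNullOrWhiteSpace($Secret)) {
        'Secret is empty.'
    }
    elseif ($Secret -ne $Secret.Trim()) {
        'Secret has leading or trailing whitespace (copy/paste residue).'
    }
    if ([guid]::TryParse($Secret.Trim(), [ref]$parsed)) {
        # In the portal the "Secret ID" column is a GUID; the "Value" column is not.
        'Secret is a GUID: probably the Secret ID, not the Value.'
    }
}

function Get-GraphAppToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][securestring]$ClientSecret
    )
    # Unwrap the SecureString only for the request body; never echo it.
    $plain = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
    $problems = @(Test-ClientSecretInput -Secret $plain)
    if ($problems.Count -gt 0) { throw ($problems -join ' ') }
    $body = @{
        grant_type    = 'client_credentials'
        scope         = 'https://graph.microsoft.com/.default'
        client_id     = $ClientId
        client_secret = $plain
    }
    try {
        Invoke-RestMethod -Method Post -Body $body -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    }
    catch {
        if ($_.ErrorDetails.Message -match 'AADSTS7000215') {
            throw 'AADSTS7000215: the tenant rejected the secret. Check that it was created on this client ID in this tenant.'
        }
        throw
    }
}

# Usage: Read-Host -AsSecureString keeps the secret out of the command line and history.
# $secret = Read-Host -AsSecureString -Prompt 'Client secret value'
# Get-GraphAppToken -ClientId '<your-client-id>' -TenantId '<your-tenant-id>' -ClientSecret $secret
```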