Could not retrieve app only tokens for office 365

Question

I followed the blog to develop an application that reads mails of users without having them signed in: http://blogs.msdn.com/b/exchangedev/archive/2015/01/21/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx?CommentPosted=true#commentmessage

I got the id token and got the tenant Id. When I try to get the access token, it throws an error:

{"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature.\r\nTrace ID: 9646a93b-0094-4736-8d21-aed08f04b06e\r\nCorrelation ID: 8dd562af-556d-4d90-9f71-a60f5a232215\r\nTimestamp: 2015-03-03 10:47:25Z","error_codes":[70002,50012],"timestamp":"2015-03-03 10:47:25Z","trace_id":"9646a93b-0094-4736-8d21-aed08f04b06e","correlation_id":"8dd562af-556d-4d90-9f71-a60f5a232215","submit_url":null,"context":null}

But I created the certificate as per the instructions. I am not using the ADAL library. I am using the Go language. So I followed the steps in a Stack Overflow link: https://stackoverflow.com/questions/28351558/office-365-rest-api-daemon-week-authentication

I signed the string using HMAC, base64 encoded it and URL encoded it, and then appended it to the string as explained in the above post. This is my client assertion:

eyJhbGciOiJSUzI1NiIsIng1dCI6IjZlLzEra01scHhuTHArZFJ4d1BqS21EdmZCQT0ifQ.eyJhdWQiOiJodHRwczovL2xvZ2luLndpbmRvd3MubmV0L2ZmNjQxNTFmLTIwM2EtNGM0MC1hZDcxLTExOTE2YjY2Yzg3My9vYXV0aDIvdG9rZW4iLCJleHAiOjE0MjU3Mzc2MDEsImlzcyI6Ijk3MjhiOGFiLTVhOGUtNGM0OC05YTZkLTZmMzFjMWYyZTdkYyIsImp0aSI6IjMyMDZiYWI5LTVmYmUtNDA3ZS02OWY2LTJlNGRjNDQ3NzQxYSIsIm5iZiI6MTQyNTc0MjYwMSwic3ViIjoiOTcyOGI4YWItNWE4ZS00YzQ4LTlhNmQtNmYzMWMxZjJlN2RjIn0.pG4okCzcgXZbS067U9BkGWid6Z6ExU7pbPYOlm2mSAg

Where am I going wrong?

Answer 1

Score: 2

The error indicates there's a problem with your signature. Comparing with a working one, it is way shorter. Be sure you're signing the string with an RSA SHA-256 hash. Using HMAC is probably causing the issue.
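
The mismatch discussed in this answer, as an added Go example (not code from the question or the answer): it signs one constructed `header.payload` string with RSA-SHA256 and with HMAC-SHA256, then checks both against the RSA public key. The throwaway 2048-bit key, the placeholder claims and the names `Compare`, `SigLen` and `PageSig` are assumptions for illustration; only the signature segment in `PageSig` is copied from the question.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// PageSig is the signature segment of the assertion posted in the question.
const PageSig = "pG4okCzcgXZbS067U9BkGWid6Z6ExU7pbPYOlm2mSAg"

// SigLen returns the decoded byte length of a signature segment.
func SigLen(seg string) (int, error) {
	raw, err := b64.DecodeString(seg)
	return len(raw), err
}

// Compare signs one constructed header.payload with RSA-SHA256 and with HMAC,
// then checks both against the RSA public key (the role the certificate plays).
func Compare() (rsLen, hsLen int, rsOK, hsOK bool) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway demo key
	if err != nil {
		panic(err)
	}
	// Constructed sample segments with placeholder claims.
	input := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." +
		b64.EncodeToString([]byte(`{"iss":"<client-id>"}`))
	h := sha256.Sum256([]byte(input))
	// What an RS256 header promises: RSASSA-PKCS1-v1_5 over the SHA-256 digest.
	rs, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	// The mismatch: a keyed hash, always 32 bytes with SHA-256.
	m := hmac.New(sha256.New, []byte("<shared-secret>"))
	m.Write([]byte(input))
	hs := m.Sum(nil)
	rsOK = err == nil && rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, h[:], rs) == nil
	hsOK = rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, h[:], hs) == nil
	return len(rs), len(hs), rsOK, hsOK
}

func main() {
	fmt.Println(Compare())
	fmt.Println(SigLen(PageSig))
}
```

An RSA signature is as long as the key modulus (256 bytes for a 2048-bit key), while the posted signature segment decodes to 32 bytes, the size of an HMAC-SHA256 tag.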

huangapple
  • Posted on March 3, 2015, 20:38:44
  • When reposting, please keep the link to this article: https://go.coder-hub.com/28832017.html