微软Graph API今天提供了过期的设备代码。

huangapple go评论78阅读模式
英文:

Microsoft Graph Api gives Expired Device code today

问题

我一直在按照 Java 示例链接 测试 Microsoft Graph API 用户访问令牌。昨天它运行正常,但今天它总是给我一个 com.microsoft.aad.msal4j.MsalClientException: 已过期的设备代码 错误。我没有提供任何设备代码,并尝试了在 Azure Active Directory 管理中心 上创建的新注册应用程序:

Consumer<DeviceCode> deviceCodeConsumer = (DeviceCode deviceCode) -> {
    System.out.println(deviceCode.message());
};

// 请求令牌,传递请求的权限范围
IAuthenticationResult result = app.acquireToken(
        DeviceCodeFlowParameters
                .builder(scopeSet, deviceCodeConsumer)
                .build()
).exceptionally(ex -> {
    System.out.println("无法进行身份验证 - " + ex.getMessage());
    return null;
}).join();
英文:

I have been testing Microsoft Graph api user access token by following
Java example URL .
Yesterday it worked fine but today it always give me com.microsoft.aad.msal4j.MsalClientException: Expired Device code . I dont' give any device code and tried it with created new registered app on Azure Active Directory admin center

    Consumer&lt;DeviceCode&gt; deviceCodeConsumer = (DeviceCode deviceCode) -&gt; {
        System.out.println(deviceCode.message());
    };

    // Request a token, passing the requested permission scopes
    IAuthenticationResult result = app.acquireToken(
            DeviceCodeFlowParameters
                    .builder(scopeSet, deviceCodeConsumer)
                    .build()
    ).exceptionally(ex -&gt; {
        System.out.println(&quot;Unable to authenticate - &quot; + ex.getMessage());
        return null;
    }).join();

答案1

得分: 2

这是由于无效的设备代码请求引起的...其中expiresIn=0

我通过对DeviceFlowRequest::acquireDeviceCode进行调试找到了错误。response指出:“不支持所提供的客户端以使用此功能。客户端应用程序必须标记为'mobile.'”(但这被try/catch掩盖了,它返回了“过期的设备”错误。)

这为我提供了所需的线索,以便在https://aad.portal.azure.com/上更新应用程序 - 在“身份验证”中,在底部(在高级设置下),我忽略了勾选“允许公共客户端流” - “启用以下移动和桌面流”,然后点击保存按钮(在顶部)。

英文:

This was caused by an invalid device code request...which had expiresIn=0.

I found my error by debugging into DeviceFlowRequest::acquireDeviceCode. The response stated that "The provided client is not supported for this feature. The client application must be marked as 'mobile.'". (But this was masked by the try/catch which returned "Expired Device" error.)

This gave me the hint I needed on to update the application on https://aad.portal.azure.com/ - In Authentication, at the bottom (under advanced settings), I had neglected to check "Allow public client flows" - "Enable the following mobile and desktop flows", and click the save button (at the top).

答案2

得分: 1

看起来浏览器在 cookie 中使用了一个过期的设备代码。

设备代码由项目生成并提供给您。然后您使用它进行身份验证。

我没有发现您的代码有什么问题。

一个解决方法是在此处下载已完成的项目这里,然后按照自述文件运行它。

英文:

Looks like the browser uses a Expired Device code in cookie.

The device code is generated by the project and provided to you. Then you use it to authenticate.

I didn't find if there is something wrong with your code.

A workaround is to download the completed project here and follow the README to run it.

答案3

得分: 0

我遇到了同样的问题。我从教程步骤中唯一更改的是选择支持帐户类型中的第1个选项。我通过选择第2个选项解决了这个问题(我猜第3个选项也可以)。但是,这在目前还不被 Microsoft 身份平台支持。点击此处了解更多详情

因此,我只有两个选项(如下图片中的第1个和第2个选项)。

微软Graph API今天提供了过期的设备代码。

英文:

I had the same problem. The only thing I changed from the tutorial steps is selecting the 1st option in support account types. I was bale to solve this problem by selecting 2nd option (3rd option also will work I guess). But it is not currently supported by Microsoft identity platforms.Refer here for more details

Therefore I had only 2 options (1st and 2nd in below picture).

微软Graph API今天提供了过期的设备代码。

huangapple
  • 本文由 发表于 2020年10月14日 22:44:27
  • 转载请务必保留本文链接:https://go.coder-hub.com/64355829.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定