英文:
Microsoft Graph Api gives Expired Device code today
问题
我一直在按照 Java 示例链接 测试 Microsoft Graph API 用户访问令牌。昨天它运行正常,但今天它总是给我一个 com.microsoft.aad.msal4j.MsalClientException: 已过期的设备代码 错误。我没有提供任何设备代码,并尝试了在 Azure Active Directory 管理中心 上创建的新注册应用程序:
Consumer<DeviceCode> deviceCodeConsumer = (DeviceCode deviceCode) -> {
System.out.println(deviceCode.message());
};
// 请求令牌,传递请求的权限范围
IAuthenticationResult result = app.acquireToken(
DeviceCodeFlowParameters
.builder(scopeSet, deviceCodeConsumer)
.build()
).exceptionally(ex -> {
System.out.println("无法进行身份验证 - " + ex.getMessage());
return null;
}).join();
英文:
I have been testing Microsoft Graph api user access token by following
Java example URL .
Yesterday it worked fine but today it always give me com.microsoft.aad.msal4j.MsalClientException: Expired Device code . I dont' give any device code and tried it with created new registered app on Azure Active Directory admin center
Consumer<DeviceCode> deviceCodeConsumer = (DeviceCode deviceCode) -> {
System.out.println(deviceCode.message());
};
// Request a token, passing the requested permission scopes
IAuthenticationResult result = app.acquireToken(
DeviceCodeFlowParameters
.builder(scopeSet, deviceCodeConsumer)
.build()
).exceptionally(ex -> {
System.out.println("Unable to authenticate - " + ex.getMessage());
return null;
}).join();
答案1
得分: 2
这是由于无效的设备代码请求引起的...其中expiresIn=0
。
我通过对DeviceFlowRequest::acquireDeviceCode
进行调试找到了错误。response
指出:“不支持所提供的客户端以使用此功能。客户端应用程序必须标记为'mobile.'”(但这被try/catch掩盖了,它返回了“过期的设备”错误。)
这为我提供了所需的线索,以便在https://aad.portal.azure.com/上更新应用程序 - 在“身份验证”中,在底部(在高级设置下),我忽略了勾选“允许公共客户端流” - “启用以下移动和桌面流”,然后点击保存按钮(在顶部)。
英文:
This was caused by an invalid device code request...which had expiresIn=0
.
I found my error by debugging into DeviceFlowRequest::acquireDeviceCode
. The response
stated that "The provided client is not supported for this feature. The client application must be marked as 'mobile.'". (But this was masked by the try/catch which returned "Expired Device" error.)
This gave me the hint I needed on to update the application on https://aad.portal.azure.com/ - In Authentication, at the bottom (under advanced settings), I had neglected to check "Allow public client flows" - "Enable the following mobile and desktop flows", and click the save button (at the top).
答案2
得分: 1
看起来浏览器在 cookie 中使用了一个过期的设备代码。
设备代码由项目生成并提供给您。然后您使用它进行身份验证。
我没有发现您的代码有什么问题。
一个解决方法是在此处下载已完成的项目这里,然后按照自述文件运行它。
英文:
Looks like the browser uses a Expired Device code in cookie.
The device code is generated by the project and provided to you. Then you use it to authenticate.
I didn't find if there is something wrong with your code.
A workaround is to download the completed project here and follow the README to run it.
答案3
得分: 0
我遇到了同样的问题。我从教程步骤中唯一更改的是选择支持帐户类型中的第1个选项。我通过选择第2个选项解决了这个问题(我猜第3个选项也可以)。但是,这在目前还不被 Microsoft 身份平台支持。点击此处了解更多详情。
因此,我只有两个选项(如下图片中的第1个和第2个选项)。
英文:
I had the same problem. The only thing I changed from the tutorial steps is selecting the 1st option in support account types. I was bale to solve this problem by selecting 2nd option (3rd option also will work I guess). But it is not currently supported by Microsoft identity platforms.Refer here for more details
Therefore I had only 2 options (1st and 2nd in below picture).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论