How do I get an access token for Microsoft Graph -- Azure docs are incorrect

Question

I'm trying to get an access token using the OAuth 2.0 client credentials grant flow following Step 4. Here's my curl:

```
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d '{"grant_type":"client_credentials","client_id":"my_client_id", "client_secret":"my_client_secret", "scope":"https://graph.windows.com/.default"}' https://login.microsoftonline.com/my_tenant_id/oauth2/v2.0/token
```

It gives this error message which is clearly wrong because my request body includes grant_type:

```
{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: a95260ff-63b6-405f-880b-738bfda33b00\r\nCorrelation ID: d606ab93-59c7-4d7d-ac45-643074e23a75\r\nTimestamp: 2023-02-24 02:29:25Z","error_codes":[900144],"timestamp":"2023-02-24 02:29:25Z","trace_id":"a95260ff-63b6-405f-880b-738bfda33b00","correlation_id":"d606ab93-59c7-4d7d-ac45-643074e23a75","error_uri":"https://login.microsoftonline.com/error?code=900144"}
```

How can I get an access token to use http://graph.windows.net to find out about a registered application?

Answer 1

Score: 1

I tried to reproduce the same in my environment and got the results below:

I registered one Azure AD application and added API permissions like below:

![enter image description here](https://i.stack.imgur.com/iSzCa.png)

To run the same curl command via Postman, I clicked on Import and pasted code like this:

```
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d '{"grant_type":"client_credentials","client_id":"678b1771-0703-401e-8056-xxxxxxxxxx", "client_secret":"xxxxxxxxxxxxxxxx", "scope":"https://graph.windows.com/.default"}' https://login.microsoftonline.com/58e70374-11f2-4e91-af40-xxxxxxxxxxx/oauth2/v2.0/token
```

![enter image description here](https://i.stack.imgur.com/omQeq.png)

After selecting Continue, it took me to the next screen like this:

![enter image description here](https://i.stack.imgur.com/kblMZ.png)

When I clicked on Import, I got the screen with the parameters below, where I got the same error after selecting Send like this:

![enter image description here](https://i.stack.imgur.com/BlIiN.png)

You are getting that error because you are not passing the parameters in the correct format.

To resolve the error, try changing your curl command by passing parameters separated by & in the format below:

```
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=<appID>&client_secret=<secret>&scope=https%3A%2F%2Fgraph.windows.com%2F.default' https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
```

I changed the curl command by passing parameters in the above format and imported it again like this:

![enter image description here](https://i.stack.imgur.com/PqpXU.png)

When I clicked on Import, the parameters were passed correctly in the Body section, but I got a different error like this:

```
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:client_credentials
client_id:<appID>
client_secret: <secret>
scope: https://graph.windows.com/.default
```

**Response:**

![enter image description here](https://i.stack.imgur.com/M9Q9T.png)

To **resolve** the above error, I changed **`scope`** value to *https://graph.microsoft.com/.default* and got **access token** successfully like this:

```
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:client_credentials
client_id:<appID>
client_secret: <secret>
scope: https://graph.microsoft.com/.default
```

**Response:**

![enter image description here](https://i.stack.imgur.com/N3oZO.png)

In your case, you need to change your **curl command** by passing parameters in the correct format separated by **`&`** and **scope** value too like this:

```
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=<appID>&client_secret=<secret>&scope=https://graph.microsoft.com/.default' https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
```
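Why the first curl is rejected, as an added example that is not part of the original answer: a reader of `application/x-www-form-urlencoded` data looks for `name=value` pairs, so the JSON text yields no `grant_type` field at all. The function names and the `AZ_*` environment variable names are assumptions made for this sketch; the request is built but not sent.

```python
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

# The question's -d payload (placeholder values): JSON text sent under a
# form-urlencoded Content-Type.
JSON_BODY = ('{"grant_type":"client_credentials","client_id":"my_client_id", '
             '"client_secret":"my_client_secret", '
             '"scope":"https://graph.windows.com/.default"}')


def form_fields(body: str) -> dict:
    """Parse a body the way an application/x-www-form-urlencoded reader does."""
    parsed = urllib.parse.parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def build_token_request(tenant, client_id, client_secret,
                        scope="https://graph.microsoft.com/.default"):
    """Build (not send) the client-credentials POST with a form-encoded body."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,  # urlencode percent-encodes ':' and '/' for us
    })
    return urllib.request.Request(
        TOKEN_URL.format(tenant=tenant),
        data=body.encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


if __name__ == "__main__":
    # The whole JSON string becomes one field name with an empty value.
    print("grant_type" in form_fields(JSON_BODY))
    req = build_token_request(
        os.environ.get("AZ_TENANT_ID", "<tenantID>"),
        os.environ.get("AZ_CLIENT_ID", "<appID>"),
        # Reading the secret from the environment keeps it out of shell
        # history and the process list (variable names are assumptions).
        os.environ.get("AZ_CLIENT_SECRET", "<secret>"),
    )
    print(req.full_url, sorted(form_fields(req.data.decode())))
    # To send: urllib.request.urlopen(req), then read the JSON response.
```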




huangapple
  • Published on February 24, 2023, 10:43:07
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75552174.html