MS Graph Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. while getting refresh token
Question
I am trying to get access token and refresh token of MS Graph API from Javascript.
It works fine while getting Authcode from following API:
https://login.microsoftonline.com/{TenetID}/oauth2/v2.0/authorize
But when trying to get RefreshToken and Access token from following API:
https://login.microsoftonline.com/{TenetID}/oauth2/v2.0/token
But getting following error all the time:
Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. while getting refresh token
I have used both SPA & Web platforms at Azure side but no luck, please suggest the correct solution.
Answer 1
Score: 3
Double check the Auth-flow you are using and ensure you are not mismatching the requests. This error arises if you are using a Client Credentials Flow, which is intended for server-side confidential client applications, on your Single Page App. This is because for a SPA, it is not possible to secure the client secret. Ensure you are implementing the authorization code flow which is meant for SPAs. Alternatively, implement using MSAL, which can handle authentication and still allow you to get refresh tokens.
It would also be good to see the payload you are sending to the two endpoints to help determine where the issue is coming from.
Comments