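So when I wanted to use the Azure ROPC flow, I ran into some strange behavior.
When I test the endpoint with Postman, everything works fine. I get the IdToken and AccessToken I need.
When I try to build the request through my own code, I get a 400 Bad Request.
I am using exactly the same tenantId, clientId, clientSecret, scope, grantType, username and password.
Obviously I have censored the real values.
My JavaScript fetch code: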
fetch('https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/v2.0/token', {
  method: 'POST',
  mode: 'no-cors',
  cache: 'no-cache',
  credentials: 'same-origin',
  headers: {
    'Content-Type': 'application/json'
  },
  redirect: 'follow',
  referrerPolicy: 'no-referrer',
  body: JSON.stringify({
    client_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
    client_secret: 'abcdefghijklmnopqrstuvwxyz',
    grant_type: 'password',
    password: 'secretPassword',
    scope: 'profile openid email user.read user.readbasic.all',
    username: 'user@test.com'
  })
})
My code with a Cypress request:
cy.request({
  url: `https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/v2.0/token`,
  method: "POST",
  body: {
    grant_type: "password",
    client_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
    client_secret: 'abcdefghijklmnopqrstuvwxyz',
    scope: 'profile openid email user.read user.readbasic.all',
    username: 'user@test.com',
    password: 'secretPassword',
  },
  form: true,
})
  .then((response) => {
    console.log(response)
    //injectTokens(response.body)
  })
This is the error I get when I call the endpoint from code:
Body: {
  "error": "invalid_grant",
  "error_description": "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '123ab123-12a1-1234-1234-abcdef123456'.\r\nTrace ID: 1234abcd-1234-1234-abcd-123412341234\r\nCorrelation ID: 12341234-1234-1234-1234-12341234a091\r\nTimestamp: 2021-07-02 12:10:51Z",
  "error_codes": [
    50079
  ],
  "timestamp": "2021-07-02 12:10:51Z",
  "trace_id": "12341234-1234-1234-1234-123412341234",
  "correlation_id": "1234123-1234-1234-1234-123412341234",
  "error_uri": "https://login.microsoftonline.com/error?code=50079",
  "suberror": "basic_action"
}
With Postman, I get 200 OK:
{
  "token_type": "Bearer",
  "scope": "email profile User.Read User.ReadBasic.All openid",
  "expires_in": 3599,
  "ext_expires_in": 3599,
  "access_token": "eyTooooooooooooken",
  "id_token": "eyToooooooooooken"
}
1 Answer
wtzytmuj1#
This is because the account you are signing in with has MFA enabled. To disable per-user MFA, see the documentation
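
The MFA diagnosis in the answer can be read straight from the token endpoint's error body. The following is an added example, not code from the question or the answer: it builds the form-encoded ROPC request and classifies the response so a test harness can report "MFA required" instead of a bare 400. The helper names `buildRopcRequest`, `aadstsCodes` and `classifyTokenError` are hypothetical, the tenant and client values are placeholders, and including code 50076 alongside the page's 50079 is an assumption.

```javascript
// Added example; all helper names here are hypothetical.
// 50079 is the code in the error above; 50076 ("MFA required") is included as an
// assumption about a closely related code that may appear instead.
const MFA_CODES = new Set([50076, 50079]);

// RFC 6749 token requests are form-encoded (what Cypress `form: true` sends),
// not JSON, so the body is built with URLSearchParams.
function buildRopcRequest(tenantId, params) {
  return {
    url: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({ grant_type: 'password', ...params }).toString(),
    },
  };
}

// Collect AADSTS codes from error_codes, falling back to the description text.
function aadstsCodes(json) {
  const codes = Array.isArray(json.error_codes) ? json.error_codes.map(Number) : [];
  const m = /AADSTS(\d+)/.exec(json.error_description || '');
  if (m && !codes.includes(Number(m[1]))) codes.push(Number(m[1]));
  return codes;
}

// Returns 'ok' | 'mfa_required' | 'invalid_grant' | 'other'.
function classifyTokenError(json) {
  if (json && json.access_token) return 'ok';
  if (!json || typeof json !== 'object') return 'other';
  if (aadstsCodes(json).some((c) => MFA_CODES.has(c))) return 'mfa_required';
  return json.error === 'invalid_grant' ? 'invalid_grant' : 'other';
}

// Constructed sample, shaped like the 400 response in the question.
const sampleError = {
  error: 'invalid_grant',
  error_description: 'AADSTS50079: ... you must enroll in multi-factor authentication ...',
  error_codes: [50079],
  suberror: 'basic_action',
};

const req = buildRopcRequest('00000000-0000-0000-0000-000000000000', {
  client_id: 'placeholder-client-id', username: 'user@test.com',
  password: 'placeholder', scope: 'openid profile',
});
console.log(req.init.body);
console.log(classifyTokenError(sampleError)); // mfa_required
```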