Microsoft Azure ROPC流400错误请求

qyzbxkaa  于 2023-02-25  发布在  其他
关注(0)|答案(1)|浏览(124)

所以当我想使用azure ROPC flow时,我遇到了一些奇怪的行为。
当我用Postman测试端点时,一切正常。我已经得到了我需要的IdToken和AccessToken。
当我试图通过我自己的代码构建请求时。我得到了一个400坏的请求。
我使用完全相同的tenantId、clientId、clientSecret、作用域、grantType、用户名和密码。
显然我审查了真实的的价值观。
我的JavaScript fetch代码:

fetch('https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/v2.0/token', {
    method: 'POST',
    mode: 'no-cors',
    cache: 'no-cache',
    credentials: 'same-origin',
    headers: {
      'Content-Type': 'application/json'
    },
    redirect: 'follow',
    referrerPolicy: 'no-referrer',
    body: JSON.stringify({
        client_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
        client_secret: 'abcdefghijklmnopqrstuvwxyz',
        grant_type: 'password',
        password: 'secretPassword',
        scope: 'profile openid email user.read user.readbasic.all',
        username: 'user@test.com'
      })
  })

我的代码与Cypress请求:

cy.request({
        url: `https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/v2.0/token`,
        method: "POST",
        body: {
          grant_type: "password",
          client_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
          client_secret: 'abcdefghijklmnopqrstuvwxyz',
          scope: 'profile openid email user.read user.readbasic.all',
          username: 'user@test.com',
          password: 'secretPassword',
        },
        form: true,
    })
    .then((response) => {
        console.log(response)
        //injectTokens(response.body)
    })

这是我得到的错误,当我调用端点代码:

Body: {
  "error": "invalid_grant",
  "error_description": "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '123ab123-12a1-1234-1234-abcdef123456'.\r\nTrace ID: 1234abcd-1234-1234-abcd-123412341234\r\nCorrelation ID: 12341234-1234-1234-1234-12341234a091\r\nTimestamp: 2021-07-02 12:10:51Z",
  "error_codes": [
    50079
  ],
  "timestamp": "2021-07-02 12:10:51Z",
  "trace_id": "12341234-1234-1234-1234-123412341234",
  "correlation_id": "1234123-1234-1234-1234-123412341234",
  "error_uri": "https://login.microsoftonline.com/error?code=50079",
  "suberror": "basic_action"
}

使用Postman,我得到200 OK:

{
    "token_type": "Bearer",
    "scope": "email profile User.Read User.ReadBasic.All openid",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "eyTooooooooooooken",
    "id_token": "eyToooooooooooken"
}
wtzytmuj

wtzytmuj1#

这是因为您登录的帐户启用了MFA。有关禁用每个用户的MFA,请参阅the documentation

相关问题