程序员经验分享-hwhale

invalid_scope 错误 AADSTS70011,为什么我收到此错误

2024-06-22 
public string[] scopes1 = new string[]
{
    "https://graph.microsoft.com/User.Read",
    "https://graph.microsoft.com/User.ReadWrite",
    "https://graph.microsoft.com/User.ReadBasic.All",
    "https://graph.microsoft.com/Mail.Send",
    "https://graph.microsoft.com/Calendars.ReadWrite",
    "https://graph.microsoft.com/Mail.ReadWrite",
    "https://graph.microsoft.com/Files.ReadWrite",

};

public async Task<string> GetAccessToken2()
{
    string url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?";//https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri(url);


        // We want the response to be JSON.
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        // Build up the data to POST.
        List<KeyValuePair<string, string>> postData = new List<KeyValuePair<string, string>>();
        postData.Add(new KeyValuePair<string, string>("grant_type", "client_credentials"));
        postData.Add(new KeyValuePair<string, string>("client_id", appId));
        postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
        postData.Add(new KeyValuePair<string, string>("response_type", "code"));
        postData.Add(new KeyValuePair<string, string>("response_mode", "query"));
        // postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));               
        //postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
        postData.Add(new KeyValuePair<string, string>("redirect_uri", "http://localhost/5341/Home/AddC"));
        postData.Add(new KeyValuePair<string, string>("Scope",string.Join(" ", scopes1)));// "openid offline_access https://graph.microsoft.com/mail.read"));
        postData.Add(new KeyValuePair<string, string>("state", "12345"));

        FormUrlEncodedContent content = new FormUrlEncodedContent(postData);

        // Post to the Server and parse the response.
        HttpResponseMessage response = await client.PostAsync("Token", content);
        string jsonString = await response.Content.ReadAsStringAsync();
        object responseData = JsonConvert.DeserializeObject(jsonString);             

        // return the Access Token.
        return ((dynamic)responseData).access_token;
    }
}

{"error":"invalid_scope","error_description":"AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Calendars.ReadWrite https://graph.microsoft.com/Calendars.ReadWrite https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Files.ReadWrite https://graph.microsoft.com/Files.ReadWrite is not valid.\r\nTrace ID: 17e465ac-9aca-4615-8021-f48ee8f00900\r\nCorrelation ID: 47a584ed-07ca-4a51-bdd1-8cb7364de3ee\r\nTimestamp: 2017-09-15 12:39:26Z","error_codes":[70011],"timestamp":"2017-09-15 12:39:26Z","trace_id":"17e465ac-9aca-4615-8021-f48ee8f00900","correlation_id":"47a584ed-07ca-4a51-bdd1-8cb7364de3ee"}


致电给https://login.microsoftonline.com/common/oauth2/v2.0/authorize is an HTTP GET, not a POST。这是回调函数,它获取授权代码并发出一个POST to https://login.microsoftonline.com/common/oauth2/v2.0/token.

最初的原型GET是(为了可读性换行):

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=[APPLICATION ID]&
response_type=code&
redirect_uri=[REDIRECT URI]&
scope=[SCOPE]

第二阶段发出POST。该原型是:

POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=authorization_code&code=[AUTHORIZATION CODE]&
           client_id=[APPLICATION ID]&client_secret=[PASSWORD]
           &scope=[SCOPE]&redirect_uri=[REDIRECT URI]

也并不是说这不是 JSON,Content-Type is application/x-www-form-urlencoded.

我不久前写了一篇文章,介绍了 v2 端点的授权代码流程,您可能会发现它很有帮助:Microsoft v2 端点入门 http://massivescale.com/microsoft-v2-endpoint-primer/

本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)

aspnet

oauth20

microsoftgraphapi

office365api

invalid_scope 错误 AADSTS70011,为什么我收到此错误 的相关文章

随机推荐

热门标签