Microsoft Authentication_MissingOrMalformed

Question

我正在使用oauth2/token对我的应用程序进行身份验证并获取access_token。Bellow是运行良好的java代码。

    private String getToken() throws Exception {
        String access_token = "";
        String url = "https://login.windows.net/MyApplication_ID_here/oauth2/token";
        HttpClient client = HttpClients.createDefault();
        HttpPost post = new HttpPost(url);

        post.setHeader("Content-Type", "application/x-www-form-urlencoded");

        List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
        urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials"));
        urlParameters.add(new BasicNameValuePair("client_id", "MyApplication_ID_here"));
        urlParameters.add(new BasicNameValuePair("client_secret", "MyApplication_secret_here"));
        urlParameters.add(new BasicNameValuePair("resource", "https://graph.microsoft.com"));

        post.setEntity(new UrlEncodedFormEntity(urlParameters));

        HttpResponse response = client.execute(post);
        System.out.println("Sending 'POST' request to URL : " + url);
        System.out.println("Post parameters : " + post.getEntity());
        System.out.println("Response Code : " + response.getStatusLine().getStatusCode());

        String responseAsString = EntityUtils.toString(response.getEntity());
        System.out.println(responseAsString);
        try {
            access_token = responseAsString.split(",")[6].split("\"")[3]; // get the access_token from response 
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
        return access_token;
}

响应:

{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"0","expires_on":"1493011626","not_before":"1493007726","resource":"https://graph.microsoft.com","access_token":"eyJ0e..."}

然后，我使用access_token加载memberOf值，该值无法工作，并给出了访问令牌丢失或格式错误的错误。Bellow是java代码。

private void getMemberOf()
{
    HttpClient httpclient = HttpClients.createDefault();
    try
    {
        URIBuilder builder = new URIBuilder("https://graph.windows.net/MyApplication_ID_here/users/test@testABC.onmicrosoft.com/memberOf?api-version=1.6");
        URI uri = builder.build();
        HttpGet request = new HttpGet(uri);
        request.addHeader("Authorization", "Bearer " + access_token);
        request.addHeader("Content-Type", "application/json");

        HttpResponse response = httpclient.execute(request);
        HttpEntity entity = response.getEntity();
        System.out.println("Response Code : " + response.getStatusLine().getStatusCode());
        if (entity != null) {
            System.out.println(EntityUtils.toString(entity));
        }
    }
    catch (Exception e)
    {
        e.getMessage();
    }
}

响应:

Response Code : 401
{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"date":"2017-04-24T04:39:38","requestId":"c5aa2abe-9b37-4611-8db1-107e3ec08c14","values":null}}

，有人能告诉我上述要求的哪一部分是错误的吗？我没有正确设置access_token吗？

Answer 1

根据您的代码，您的访问令牌用于资源"https://graph.microsoft.com"(Microsoft )，但访问令牌用于"https://graph.windows.net"(AAD )：

 URIBuilder builder = new URIBuilder("https://graph.windows.net/MyApplication_ID_here/users/test@testABC.onmicrosoft.com/memberOf?api-version=1.6");

如果要调用Azure AD图api，则需要获得Azure AD图API的访问令牌。

Answer 2

在通过API对Azure B2C服务执行CRUD操作时，我遇到了这个问题，用于用户管理。

这样做的目的是获取资源"graph.windows.net“的访问令牌，而不是像建议的这里那样使用租户App。

*可能会帮助那些面临同样问题并在这里落脚的人