Fatal编程技术网
  • graph/
  • Graph msal acquireTokenSilent失败,静默身份验证被拒绝

Graph msal acquireTokenSilent失败,静默身份验证被拒绝

graph

Graph msal acquireTokenSilent失败,静默身份验证被拒绝,graph,msal,Graph,Msal,我使用的是msal angular,我不能使用MsalInterceptor,因为它处理每个请求,而我希望它只处理图形请求。 因此,我试图在我的应用程序中自己获得一个令牌 我是这样做的: MsalModule的配置 MsalModule.forRoot({ auth: { clientId: 'xxxxxx', authority: 'https://login.microsoftonline.com/common', redirectUri: 'my_url',

我使用的是msal angular,我不能使用MsalInterceptor,因为它处理每个请求,而我希望它只处理图形请求。 因此,我试图在我的应用程序中自己获得一个令牌

我是这样做的: MsalModule的配置

MsalModule.forRoot({
  auth: {
    clientId: 'xxxxxx',
    authority: 'https://login.microsoftonline.com/common',
    redirectUri: 'my_url',
  },
  cache: {
    cacheLocation: 'localStorage',
    storeAuthStateInCookie: false, // set to true for IE 11
  },
},
  {
    popUp: true,
    consentScopes:[
      'user.read',
      "calendars.read",
      "calendars.read.shared",
      "calendars.readwrite",
      "group.read.all",
      "openid",
      "profile"
    ],
  }),
我正在这样登录:

this.msalService.loginPopup({scopes: [
  'user.read',
  "calendars.read",
  "calendars.read.shared",
  "calendars.readwrite",
  "group.read.all",
  "openid",
  "profile"
]})
我正在拦截这样的登录成功

this.broadcastService.subscribe('msal:loginSuccess' ...

const result: AuthResponse = await this.msalService.acquireTokenSilent({scopes: [
  'user.read',
  "calendars.read",
  "calendars.read.shared",
  "calendars.readwrite",
  "group.read.all",
  "openid",
  "profile"
]}).catch((error) => {
  console.log(error);
});

const result: AuthResponse = await this.msalService.acquireTokenSilent({
  scopes: [
    'user.read',
    "calendars.read",
    "calendars.read.shared",
    "calendars.readwrite",
    "group.read.all",
    "openid",
    "profile"
  ]
}).catch((error) => {
  if (error.name === "InteractionRequiredAuthError") {
    return this.msalService.acquireTokenPopup({
      scopes: [
        'user.read',
        "calendars.read",
        "calendars.read.shared",
        "calendars.readwrite",
        "group.read.all",
        "openid",
        "profile"
      ]
    })
  }
});

return result.accessToken;
我想得到一个像这样的代币

this.broadcastService.subscribe('msal:loginSuccess' ...

const result: AuthResponse = await this.msalService.acquireTokenSilent({scopes: [
  'user.read',
  "calendars.read",
  "calendars.read.shared",
  "calendars.readwrite",
  "group.read.all",
  "openid",
  "profile"
]}).catch((error) => {
  console.log(error);
});

const result: AuthResponse = await this.msalService.acquireTokenSilent({
  scopes: [
    'user.read',
    "calendars.read",
    "calendars.read.shared",
    "calendars.readwrite",
    "group.read.all",
    "openid",
    "profile"
  ]
}).catch((error) => {
  if (error.name === "InteractionRequiredAuthError") {
    return this.msalService.acquireTokenPopup({
      scopes: [
        'user.read',
        "calendars.read",
        "calendars.read.shared",
        "calendars.readwrite",
        "group.read.all",
        "openid",
        "profile"
      ]
    })
  }
});

return result.accessToken;
我仍然收到这个错误:静默身份验证被拒绝。用户必须首先登录,并在需要时授予客户端应用程序对作用域“user.read calendars.read calendars.read.shared calendars.readwrite group.read.all openid profile”的访问权限。

这是我在Azure portal上的应用程序配置

我真的不明白这个问题是从哪里来的

谢谢你的帮助

[编辑] 当acquireTokenSilent像这样失败时,我可以通过调用acquireTokenPopup来获取访问令牌

this.broadcastService.subscribe('msal:loginSuccess' ...

const result: AuthResponse = await this.msalService.acquireTokenSilent({scopes: [
  'user.read',
  "calendars.read",
  "calendars.read.shared",
  "calendars.readwrite",
  "group.read.all",
  "openid",
  "profile"
]}).catch((error) => {
  console.log(error);
});

const result: AuthResponse = await this.msalService.acquireTokenSilent({
  scopes: [
    'user.read',
    "calendars.read",
    "calendars.read.shared",
    "calendars.readwrite",
    "group.read.all",
    "openid",
    "profile"
  ]
}).catch((error) => {
  if (error.name === "InteractionRequiredAuthError") {
    return this.msalService.acquireTokenPopup({
      scopes: [
        'user.read',
        "calendars.read",
        "calendars.read.shared",
        "calendars.readwrite",
        "group.read.all",
        "openid",
        "profile"
      ]
    })
  }
});

return result.accessToken;
}

它工作,但不断弹出一个窗口。 有人能给我解释一下原因吗

谢谢

我有类似的问题,只需使用以下代码即可获得异常

   this.broadcastService.subscribe('msal:acquireTokenFailure', (payload) => {
                    console.log(payload);    
                });
InteractionRequiredAuthError:静默身份验证被拒绝。用户必须首先登录,并在需要时授予客户端应用程序访问作用域的权限api://1cfd57f1-ad48-4396-b95c-7fa782a178b6/access_as_user openid配置文件'

文件中说:

InteractionRequiredAuthError:Error类,将ServerError扩展到 表示需要交互式调用的服务器错误。这个错误 如果需要用户交互,则由acquireTokenSilent引发 使用服务器为提供凭据或同意 认证/授权。错误代码包括 “需要交互”、“需要登录”和“需要同意”

对于使用重定向方法(LoginDirect、acquireTokenRedirect)的身份验证流中的错误处理,需要注册回调

因此,我将“this.msalService.loginDirect()”添加到回调方法以解决我的问题。我也不太明白,为什么要再次授予权限,但当man检查“MsalGuard”()的实现时,如果异常是通过获取令牌引发的,它将执行相同的代码“loginDirect”

顺便说一句,我还将客户端应用程序ID添加到我的API“Expose a API”中,以授权客户端而无需征得同意。我的应用程序最终修复了该异常

您必须强制执行同意弹出窗口来显示。 试试这个