JavaSpring中访问令牌的Outlook API返回400个错误请求 代码似乎没有任何错误 这是一个测试应用程序,所有ID都可用 在函数getToken()中,也可以取消对 getScopes()并进一步尝试 我有一个带有按钮的index.jsp 按下按钮时,“oauthorize”被激活以生成代码和id_令牌 我可以登录,生成代码和id_令牌 这些值显示在带有按钮的“authtoken.jsp”上 该按钮将发布到/common/oauth2/v2.0/token 在此阶段,Microsoft页面上将显示400个错误请求
我不确定出了什么问题:JavaSpring中访问令牌的Outlook API返回400个错误请求 代码似乎没有任何错误 这是一个测试应用程序,所有ID都可用 在函数getToken()中,也可以取消对 getScopes()并进一步尝试 我有一个带有按钮的index.jsp 按下按钮时,“oauthorize”被激活以生成代码和id_令牌 我可以登录,生成代码和id_令牌 这些值显示在带有按钮的“authtoken.jsp”上 该按钮将发布到/common/oauth2/v2.0/token 在此阶段,Microsoft页面上将显示400个错误请求,java,spring,outlook-api,Java,Spring,Outlook Api,我不确定出了什么问题: import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Controller; import org.springframework.ui.Mod
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.util.UriComponentsBuilder;
@Controller
public class IndexController {
//all oauth2 urls
private static final String authority = "https://login.microsoftonline.com";
private static final String authorizeUrl = authority + "/common/oauth2/v2.0/authorize";
private static final String tokenUrl = authority + "/common/oauth2/v2.0/token";
private static final String redirectUrl = "http://localhost:8080/OutlookProfiles/authtoken";
private static final String reTokenUrl = "http://localhost:8080/OutlookProfiles/showToken";
//credentials
private static final String appId = "7414b3a3-26f1-4928-9d0b-7060d01dd41c";
private static final String appPassword = "cQg9F0EaxuaErNp2YEgYaz8";
private static final String[] scopes = {
"openid",
"offline_access",
"profile",
"User.Read",
"Contacts.Read",
"Mail.Read"
};
@RequestMapping(value = "/index", method = RequestMethod.GET)
public String index(Model model, HttpServletRequest request, HttpServletResponse response){
UUID state = UUID.randomUUID();
UUID nonce = UUID.randomUUID();
// Save the state and nonce in the session so we can
// verify after the auth process redirects back
HttpSession session = request.getSession();
session.setAttribute("expected_state", state);
session.setAttribute("expected_nonce", nonce);
return "index";
}
@RequestMapping(value = "/oauthorize", method = RequestMethod.POST)
public void oauthorize(Model model, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
try{
UUID state = UUID.randomUUID();
UUID nonce = UUID.randomUUID();
HttpSession session = servletRequest.getSession();
session.setAttribute("expected_state", state);
session.setAttribute("expected_nonce", nonce);
session.setAttribute("error", null);
UriComponentsBuilder urlBuilder = UriComponentsBuilder.fromHttpUrl(authorizeUrl);
urlBuilder.queryParam("client_id", appId);
urlBuilder.queryParam("redirect_uri", redirectUrl);
urlBuilder.queryParam("response_type", "code id_token");
urlBuilder.queryParam("scope", getScopes());
urlBuilder.queryParam("state", state);
urlBuilder.queryParam("nonce", nonce);
urlBuilder.queryParam("response_mode", "form_post");
String locationUri = urlBuilder.toUriString();
System.out.println(locationUri);
servletResponse.sendRedirect(locationUri);
}catch(Exception e){
e.printStackTrace();
}
}
@RequestMapping(value = "/authtoken", method = RequestMethod.POST)
public String authorize(
@RequestParam("code") String code,
@RequestParam("id_token") String idToken,
@RequestParam("state") UUID state,
HttpServletRequest servletRequest,
HttpServletResponse servletResponse) {
// Get the expected state value from the session
HttpSession session = servletRequest.getSession();
UUID expectedState = (UUID) session.getAttribute("expected_state");
UUID expectedNonce = (UUID) session.getAttribute("expected_nonce");
String strState = state.toString().trim().toLowerCase();
String strExState = expectedState.toString().trim().toLowerCase();
// Make sure that the state query parameter returned matches
// the expected state
if (strState.equals(strExState)){
session.setAttribute("authCode", code);
session.setAttribute("idToken", idToken);
System.out.println("Expectedstate : NO Error");
}else {
session.setAttribute("error", "Unexpected state returned from authority.");
System.out.println("\n\nUnexpected state returned from authority.");
}
return "authtoken";
}
@RequestMapping(value = "/getToken", method = RequestMethod.POST)
public void getToken(
HttpServletRequest servletRequest,
HttpServletResponse servletResponse) {
try{
HttpSession session = servletRequest.getSession();
String strCode = (String) session.getAttribute("authCode");
UriComponentsBuilder urlBuilder = UriComponentsBuilder.fromHttpUrl(tokenUrl);
urlBuilder.queryParam("client_id", appId);
urlBuilder.queryParam("client_secret", appPassword);
urlBuilder.queryParam("code", strCode);
urlBuilder.queryParam("redirect_uri", redirectUrl);
urlBuilder.queryParam("grant_type", "authorization_code");
urlBuilder.queryParam("scope", getScopes());
String locationUri = urlBuilder.toUriString();
System.out.println("getToken : " + locationUri);
servletResponse.setHeader("Content-Type", "application/x-www-form-urlencoded");
servletResponse.sendRedirect(locationUri);
}catch(Exception e){
e.printStackTrace();
}
}
@RequestMapping(value = "/showToken", method = RequestMethod.POST)
public String showToken(
@RequestParam("token_type") String code,
@RequestParam("expires_in") String idToken,
@RequestParam("access_token") String accessToken,
//@RequestParam("scope") String paramScope,
HttpServletRequest servletRequest,
HttpServletResponse servletResponse) {
return "getToken";
}
@RequestMapping("/logout")
public String logout(HttpServletRequest request) {
HttpSession session = request.getSession();
session.invalidate();
return "index";
}
private static String getScopes() {
StringBuilder sb = new StringBuilder();
for (String scope: scopes) {
sb.append(scope + " ");
}
String strscope = sb.toString().trim();
System.out.println(strscope);
return strscope;
}
}
- 访问令牌的Microsoft Outlook API终结点: 需要基于表单的帖子,即application/x-www-form-urlencoded
- 这意味着所有输入参数都应该是基于表单的,而不是附加url
- 因此,从技术上讲,使用UriComponentsBuilder的代码是错误的
- 代码应该使用基于JSON或基于表单的方法,使用HttpClient和HttpPost,或者使用基于OKHttp3的OKHttpClient和RequestBody
import java.util.List;
import java.util.ArrayList;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.util.UriComponentsBuilder;
@Controller
public class IndexController {
//all oauth2 urls
private static final String authority = "https://login.microsoftonline.com";
private static final String authorizeUrl = authority + "/common/oauth2/v2.0/authorize";
private static final String tokenUrl = authority + "/common/oauth2/v2.0/token";
private static final String redirectUrl = "http://localhost:8080/OutlookProfiles/authtoken";
private static final String reTokenUrl = "http://localhost:8080/OutlookProfiles/showToken";
//credentials
private static final String appId = "7414b3a3-26f1-4928-9d0b-7060d01dd41c";
private static final String appPassword = "cQg9F0EaxuaErNp2YEgYaz8";
private static final String[] scopes = {
"openid",
"offline_access",
"profile",
"User.Read",
"Contacts.Read",
"Mail.Read"
};
@RequestMapping(value = "/index", method = RequestMethod.GET)
public String index(Model model, HttpServletRequest request, HttpServletResponse response){
UUID state = UUID.randomUUID();
UUID nonce = UUID.randomUUID();
// Save the state and nonce in the session so we can
// verify after the auth process redirects back
HttpSession session = request.getSession();
session.setAttribute("expected_state", state);
session.setAttribute("expected_nonce", nonce);
return "index";
}
@RequestMapping(value = "/oauthorize", method = RequestMethod.POST)
public void oauthorize(Model model, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
try{
UUID state = UUID.randomUUID();
UUID nonce = UUID.randomUUID();
HttpSession session = servletRequest.getSession();
session.setAttribute("expected_state", state);
session.setAttribute("expected_nonce", nonce);
session.setAttribute("error", null);
UriComponentsBuilder urlBuilder = UriComponentsBuilder.fromHttpUrl(authorizeUrl);
urlBuilder.queryParam("client_id", appId);
urlBuilder.queryParam("redirect_uri", redirectUrl);
urlBuilder.queryParam("response_type", "code id_token");
urlBuilder.queryParam("scope", getScopes());
urlBuilder.queryParam("state", state);
urlBuilder.queryParam("nonce", nonce);
urlBuilder.queryParam("response_mode", "form_post");
String locationUri = urlBuilder.toUriString();
System.out.println(locationUri);
servletResponse.sendRedirect(locationUri);
}catch(Exception e){
e.printStackTrace();
}
}
@RequestMapping(value = "/authtoken", method = RequestMethod.POST)
public String authorize(
@RequestParam("code") String code,
@RequestParam("id_token") String idToken,
@RequestParam("state") UUID state,
HttpServletRequest servletRequest,
HttpServletResponse servletResponse) {
// Get the expected state value from the session
HttpSession session = servletRequest.getSession();
UUID expectedState = (UUID) session.getAttribute("expected_state");
UUID expectedNonce = (UUID) session.getAttribute("expected_nonce");
String strState = state.toString().trim().toLowerCase();
String strExState = expectedState.toString().trim().toLowerCase();
// Make sure that the state query parameter returned matches
// the expected state
if (strState.equals(strExState)){
session.setAttribute("authCode", code);
session.setAttribute("idToken", idToken);
System.out.println("Expectedstate : NO Error");
}else {
session.setAttribute("error", "Unexpected state returned from authority.");
System.out.println("\n\nUnexpected state returned from authority.");
}
return "authtoken";
}
@RequestMapping(value = "/getToken", method = RequestMethod.POST)
public void getToken(
HttpServletRequest servletRequest,
HttpServletResponse servletResponse) {
try{
HttpSession session = servletRequest.getSession();
String strCode = (String) session.getAttribute("authCode");
HttpClient httpClient = HttpClients.createDefault();
HttpPost httpPost = new HttpPost(tokenUrl);
httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
List <BasicNameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair("client_id", appId));
params.add(new BasicNameValuePair("client_secret", appPassword));
params.add(new BasicNameValuePair("redirect_uri", redirectUrl));
params.add(new BasicNameValuePair("code", strCode));
params.add(new BasicNameValuePair("grant_type", "authorization_code"));
httpPost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
HttpResponse httpResponse = httpClient.execute(httpPost);
org.apache.http.HttpEntity entity = httpResponse.getEntity();
//String theString = IOUtils.toString(entity.getContent(), "UTF-8");
String strResponse = EntityUtils.toString(entity, "UTF-8");
System.out.println(strResponse);
strResponse = "{\"response\":["+strResponse+"]}";
System.out.println(strResponse);
JSONObject result = new JSONObject(strResponse); //Convert String to JSON Object
JSONArray tokenList = result.getJSONArray("response");
JSONObject objJson = tokenList.getJSONObject(0);
String accessToken = objJson.getString("access_token");
System.out.println(accessToken);
session.setAttribute("accessToken", accessToken);
}catch(Exception e){
e.printStackTrace();
}
}
@RequestMapping(value = "/showToken", method = RequestMethod.POST)
public String showToken(
@RequestParam("token_type") String code,
@RequestParam("expires_in") String idToken,
@RequestParam("access_token") String accessToken,
//@RequestParam("scope") String paramScope,
HttpServletRequest servletRequest,
HttpServletResponse servletResponse) {
return "getToken";
}
@RequestMapping("/logout")
public String logout(HttpServletRequest request) {
HttpSession session = request.getSession();
session.invalidate();
return "index";
}
private static String getScopes() {
StringBuilder sb = new StringBuilder();
for (String scope: scopes) {
sb.append(scope + " ");
}
String strscope = sb.toString().trim();
System.out.println(strscope);
return strscope;
}
}
import java.util.List;
导入java.util.ArrayList;
导入java.util.UUID;
导入javax.servlet.http.HttpServletRequest;
导入javax.servlet.http.HttpSession;
导入javax.servlet.http.HttpServletResponse;
导入org.apache.http.HttpResponse;
导入org.apache.http.client.HttpClient;
导入org.apache.http.client.entity.UrlEncodedFormEntity;
导入org.apache.http.client.methods.HttpPost;
导入org.apache.http.impl.client.HttpClients;
导入org.apache.http.message.BasicNameValuePair;
导入org.apache.http.util.EntityUtils;
导入org.json.JSONArray;
导入org.json.JSONObject;
导入org.springframework.stereotype.Controller;
导入org.springframework.ui.Model;
导入org.springframework.web.bind.annotation.RequestMapping;
导入org.springframework.web.bind.annotation.RequestMethod;
导入org.springframework.web.bind.annotation.RequestParam;
导入org.springframework.web.util.UriComponentsBuilder;
@控制器
公共类索引控制器{
//所有OAuth2URL
私有静态最终字符串权限=”https://login.microsoftonline.com";
私有静态最终字符串authorizeUrl=authority+“/common/oauth2/v2.0/authorize”;
私有静态最终字符串tokenUrl=authority+“/common/oauth2/v2.0/token”;
私有静态最终字符串重定向URL=”http://localhost:8080/OutlookProfiles/authtoken";
私有静态最终字符串reTokenUrl=”http://localhost:8080/OutlookProfiles/showToken";
//证书
专用静态最终字符串appId=“7414b3a3-26f1-4928-9d0b-7060d01dd41c”;
私有静态最终字符串appPassword=“cQg9F0EaxuaErNp2YEgYaz8”;
私有静态最终字符串[]作用域={
“openid”,
“离线访问”,
“个人资料”,
“User.Read”,
“联系人,请阅读”,
“邮件,阅读”
};
@RequestMapping(value=“/index”,method=RequestMethod.GET)
公共字符串索引(模型模型、HttpServletRequest请求、HttpServletResponse响应){
UUID state=UUID.randomUUID();
UUID nonce=UUID.randomuid();
//在会话中保存状态和nonce,以便
//验证身份验证过程重定向回后
HttpSession session=request.getSession();
session.setAttribute(“预期的_状态”,状态);
session.setAttribute(“预期值”,nonce);
返回“索引”;
}
@RequestMapping(value=“/oauthorize”,method=RequestMethod.POST)
public void oauthorize(模型模型,HttpServletRequest servletRequest,HttpServletResponse servletResponse){
试一试{
UUID state=UUID.randomUUID();
UUID nonce=UUID.randomuid();
HttpSession session=servletRequest.getSession();
session.setAttribute(“预期的_状态”,状态);
session.setAttribute(“预期值”,nonce);
setAttribute(“错误”,null);
UriComponentsBuilder urlBuilder=UriComponentsBuilder.fromHttpUrl(授权URL);
urlBuilder.queryParam(“客户id”,appId);
queryParam(“重定向uri”,重定向URL);
queryParam(“响应类型”、“代码id\u标记”);
queryParam(“scope”,getScopes());
urlBuilder.queryParam(“state”,state);
urlBuilder.queryParam(“nonce”,nonce);
queryParam(“响应模式”、“表单发布”);
String locationUri=urlBuilder.toUriString();
System.out.println(locationUri);
servletResponse.sendRedirect(locationUri);
}捕获(例外e){
e、 printStackTrace();
}
}
@RequestMapping(value=“/authtoken”,method=RequestMethod.POST)
公共字符串授权(
@RequestParam(“代码”)字符串代码,
@RequestParam(“id_令牌”)字符串idToken,
@RequestParam(“状态”)UUID状态,
HttpServletRequest servletRequest,
HttpServletResponse(服务响应){
//从会话中获取期望的状态值
HttpSession session=servletRequest.getSession();
UUID expectedState=(UUID)session.getAttribute(“预期的_状态”);
UUID expectedNonce=(UUID)session.getAttribute(“expected_nonce”);
字符串strState=state.toString().trim().toLowerCase();
String strExState=expectedState.toString().trim().toLowerCase();
//确保返回的状态查询参数匹配
//期望状态
if(strState.equals(strExState)){
session.setAttribute(“authCode”,code);
setAttribute(“idToken”,idToken);
System.out.println(“