OAuth 2.0 Microsoft Graph OAuth2: getting "401 - Unauthorized: Access is denied due to invalid credentials"

When I try to log in to my web application with a Microsoft account, I get the following error:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"request-id": "caee116c-483e-4d88-814a-721ce92c6b74",
"date": "2018-08-10T19:18:47"
}
}
}
Here is the omniauth strategy definition:
require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class MicrosoftGraphOauth2 < OmniAuth::Strategies::OAuth2
      option :name, :microsoft_graph_oauth2

      # Azure AD v2.0 endpoints used for the authorization code flow
      option :client_options, site: 'https://login.microsoftonline.com',
                              token_url: '/common/oauth2/v2.0/token',
                              authorize_url: '/common/oauth2/v2.0/authorize'

      option :authorize_options, %i[
        display score auth_type
        scope prompt
        login_hint domain_hint
        response_mode
      ]

      uid { raw_info['id'] }

      info do
        {
          email: raw_info['mail'] || raw_info['userPrincipalName'],
          first_name: raw_info['givenName'],
          last_name: raw_info['surname'],
          name: full_name,
          nickname: raw_info['userPrincipalName']
        }
      end

      extra do
        {
          'raw_info' => raw_info,
          'params' => access_token.params
        }
      end

      def callback_url
        options[:redirect_uri] || (full_host + script_name + callback_path)
      end

      # Profile lookup against Microsoft Graph using the access token
      def raw_info
        @raw_info ||= access_token.get(
          'https://graph.microsoft.com/v1.0/me'
        ).parsed
      end

      # Copies selected request parameters into the authorize request
      def authorize_params
        super.tap do |params|
          %w[display score auth_type].each do |v|
            next unless request.params[v]
            params[v.to_sym] = request.params[v]
          end
        end
      end

      # String#presence comes from ActiveSupport
      def full_name
        raw_info['displayName'].presence ||
          raw_info.values_at('givenName', 'surname').compact.join(' ')
      end
    end
  end
end
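What am I missing? I can't find the cause of this error anywhere. It seems to be some configuration problem in the Microsoft application definition, but idk what…

This was resolved after updating the delegated permissions. email and profile are "legacy" (Office 365 v2 API) permissions and should be replaced with User.Read in order to authenticate correctly against the Graph (v1) API.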
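A diagnostic for the fix described in the answer, as an added example that is not part of the original posts: it inspects the scope field of a token response (the hash the strategy exposes as access_token.params) and reports whether User.Read, which GET /v1.0/me needs, was actually granted. The helper names and the sample token responses are constructed for illustration, and the scope field is assumed to be present under a string key.

```ruby
# Added example, not the poster's code: helper names are hypothetical.
GRAPH_RESOURCE = 'https://graph.microsoft.com/'
# Least-privileged delegated permission for GET /v1.0/me.
REQUIRED_FOR_ME = %w[user.read].freeze
# Scopes the answer replaced because they did not authorize the Graph call.
REPLACED_IN_ANSWER = %w[email profile].freeze

# Normalizes the space-separated `scope` value of a token response.
# Assumptions: scope names compare case-insensitively, and a scope may come
# back with the resource prefix (https://graph.microsoft.com/User.Read).
def granted_scopes(token_params)
  token_params.fetch('scope', '').to_s.split.map do |scope|
    scope.downcase.delete_prefix(GRAPH_RESOURCE)
  end.uniq
end

# Returns a report saying whether the token can be used for /v1.0/me.
def graph_me_scope_report(token_params)
  granted = granted_scopes(token_params)
  missing = REQUIRED_FOR_ME - granted
  {
    ok: missing.empty?,
    missing: missing,
    replaced_in_answer: granted & REPLACED_IN_ANSWER,
    granted: granted
  }
end

# Constructed sample token responses (not captured from a real tenant).
BEFORE_FIX = { 'token_type' => 'Bearer', 'scope' => 'email profile' }.freeze
AFTER_FIX = {
  'token_type' => 'Bearer',
  'scope' => 'https://graph.microsoft.com/User.Read openid'
}.freeze

if __FILE__ == $PROGRAM_NAME
  { before: BEFORE_FIX, after: AFTER_FIX }.each do |label, params|
    report = graph_me_scope_report(params)
    status = report[:ok] ? 'can call /v1.0/me' : "missing #{report[:missing].join(', ')}"
    puts "#{label}: #{status} (granted: #{report[:granted].join(' ')})"
  end
end
```

Running the same check on access_token.params before raw_info is called turns an opaque 401 HTML page into a message that names the missing permission.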