invalid_scope error AADSTS70011, Why I am getting this error
Problem description
    public string[] scopes1 = new string[]
    {
        "https://graph.microsoft.com/User.Read",
        "https://graph.microsoft.com/User.ReadWrite",
        "https://graph.microsoft.com/User.ReadBasic.All",
        "https://graph.microsoft.com/Mail.Send",
        "https://graph.microsoft.com/Calendars.ReadWrite",
        "https://graph.microsoft.com/Mail.ReadWrite",
        "https://graph.microsoft.com/Files.ReadWrite",
    };
    public async Task<string> GetAccessToken2()
    {
        string url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?";//https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
        using (var client = new HttpClient())
        {
            client.BaseAddress = new Uri(url);
            // We want the response to be JSON.
            client.DefaultRequestHeaders.Accept.Clear();
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            // Build up the data to POST.
            List<KeyValuePair<string, string>> postData = new List<KeyValuePair<string, string>>();
            postData.Add(new KeyValuePair<string, string>("grant_type", "client_credentials"));
            postData.Add(new KeyValuePair<string, string>("client_id", appId));
            postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
            postData.Add(new KeyValuePair<string, string>("response_type", "code"));
            postData.Add(new KeyValuePair<string, string>("response_mode", "query"));
            // postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
            //postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
            postData.Add(new KeyValuePair<string, string>("redirect_uri", "http://localhost/5341/Home/AddC"));
            postData.Add(new KeyValuePair<string, string>("Scope",string.Join(" ", scopes1)));// "openid offline_access https://graph.microsoft.com/mail.read"));
            postData.Add(new KeyValuePair<string, string>("state", "12345"));
            FormUrlEncodedContent content = new FormUrlEncodedContent(postData);
            // Post to the Server and parse the response.
            HttpResponseMessage response = await client.PostAsync("Token", content);
            string jsonString = await response.Content.ReadAsStringAsync();
            object responseData = JsonConvert.DeserializeObject(jsonString);
            // return the Access Token.
            return ((dynamic)responseData).access_token;
        }
    }
{"error":"invalid_scope","error_description":"AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Calendars.ReadWrite https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Files.ReadWrite is not valid. Trace ID: 17e465ac-9aca-4615-8021-f48ee8f00900 Correlation ID: 47a584ed-07ca-4a51-bdd1-8cb7364de3ee Timestamp: 2017-09-15 12:39:26Z","error_codes":[70011],"timestamp":"2017-09-15 12:39:26Z","trace_id":"17e465ac-9aca-4615-8021-f48ee8f00900","correlation_id":"47a584ed-07ca-4a51-bdd1-8cb7364de3ee"}
The call to https://login.microsoftonline.com/common/oauth2/v2.0/authorize is an HTTP GET, not a POST. It is the callback function that takes the authorization code and issues a POST to https://login.microsoftonline.com/common/oauth2/v2.0/token.
The prototype for the initial GET is (new lines for readability):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=[APPLICATION ID]&
response_type=code&
redirect_uri=[REDIRECT URI]&
scope=[SCOPE]
The second stage issues a POST. That prototype is:
POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=authorization_code&code=[AUTHORIZATION CODE]&
client_id=[APPLICATION ID]&client_secret=[PASSWORD]
&scope=[SCOPE]&redirect_uri=[REDIRECT URI]
Also note that this isn't JSON; the Content-Type is application/x-www-form-urlencoded.
I wrote an article a while back that walks through the Authorization Code Flow with the v2 Endpoint, you might find it helpful: Microsoft v2 Endpoint Primer
