我正在使用“PHP League oauth2-client”来获取特定用户的详细信息。
但出现错误:
Array
(
[error] => Array
(
[code] => InvalidAuthenticationToken
[message] => Access token validation failure. Invalid audience.
[innerError] => Array
(
[request-id] => <reuest-id>
[date] => 2019-06-13T07:44:01
)
)
)
我已经通过了 clientId ,clientSecret ,redirectUri ,urlAuthorize , urlAccessToken , urlResourceOwnerDetails 并获得了authorizationUrl 。当我点击 AuthorizationUrl 时,它会使用代码 ,state,session_state 正确重定向。 我只是使用这段代码并获得了 accesstoken 数组。 使用 accesstoken 数组,我调用 ' https://graph.microsoft.com/v1.0/me/ 'api 获取用户详细信息。但出现错误,即访问 token 验证失败。无效受众。
实际上,我正在尝试使用 Microsoft 登录
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
'clientId' => '<cid>', // The client ID assigned to you by the provider
'clientSecret' => '<clientSecret>', // The client password assigned to you by the provider
'redirectUri' => 'https://mywebsideurl',
'urlAuthorize' => 'https://login.microsoftonline.com/<tenant_id>/oauth2/authorize',
'urlAccessToken' => 'https://login.microsoftonline.com/<tenant_id>/oauth2/token',
'urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/users/<my-microsoft-mail-id>',
]);
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => '<code>'
]);
$request = $provider->getAuthenticatedRequest(
'GET',
'https://graph.microsoft.com/v1.0/me/',
$accessToken
);
错误:
Array
(
[error] => Array
(
[code] => InvalidAuthenticationToken
[message] => Access token validation failure. Invalid audience.
[innerError] => Array
(
[request-id] => <some id>
[date] => 2019-06-12T07:36:49
)
)
)
我有解析服务器响应:
GuzzleHttp\Psr7\Response Object
(
[reasonPhrase:GuzzleHttp\Psr7\Response:private] => Unauthorized
[statusCode:GuzzleHttp\Psr7\Response:private] => 401
[headers:GuzzleHttp\Psr7\Response:private] => Array
(
[Content-Type] => Array
(
[0] => application/json; charset=utf-8
)
[request-id] => Array
(
[0] => <rid>
)
[client-request-id] => Array
(
[0] => <client-request-id>
)
[x-ms-ags-diagnostic] => Array
(
[0] => {"ServerInfo":{"DataCenter":"<some place name here>","Slice":"SliceC","Ring":"<some number>","ScaleUnit":"<something>","RoleInstance":"something","ADSiteName":"something"}}
)
[WWW-Authenticate] => Array
(
[0] => Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="<some id here>"
)
[Strict-Transport-Security] => Array
(
[0] => max-age=31536000
)
[Date] => Array
(
[0] => Thu, 13 Jun 2019 07:44:01 GMT
)
[Content-Length] => Array
(
[0] => <some length>
)
)
[headerNames:GuzzleHttp\Psr7\Response:private] => Array
(
[content-type] => Content-Type
[request-id] => request-id
[client-request-id] => client-request-id
[x-ms-ags-diagnostic] => x-ms-ags-diagnostic
[www-authenticate] => WWW-Authenticate
[strict-transport-security] => Strict-Transport-Security
[date] => Date
[content-length] => Content-Length
)
[protocol:GuzzleHttp\Psr7\Response:private] => 1.1
[stream:GuzzleHttp\Psr7\Response:private] => GuzzleHttp\Psr7\Stream Object
(
[stream:GuzzleHttp\Psr7\Stream:private] => Resource id #<some_id>
[size:GuzzleHttp\Psr7\Stream:private] => <some number>
[seekable:GuzzleHttp\Psr7\Stream:private] => 1
[readable:GuzzleHttp\Psr7\Stream:private] => 1
[writable:GuzzleHttp\Psr7\Stream:private] => 1
[uri:GuzzleHttp\Psr7\Stream:private] => php://temp
[customMetadata:GuzzleHttp\Psr7\Stream:private] => Array
(
)
)
)
As per my observation server return WWW-Authenticate url is wrong , it should be https://login.microsoftonline.com/tenant_id/oauth2/authorize .
Is there any way to config WWW-Authenticate url from azure back-end ??
最佳答案
提供程序的配置不正确。要允许 Microsoft 帐户登录,您应该使用 Microsoft identity platform v2.0 endpoint 。当您在 Azure 门户上注册应用程序时,请记住将支持的帐户类型设置为任何组织目录中的帐户和个人 Microsoft 帐户。
这是一个sample供你引用。
$oauthClient = new \League\OAuth2\Client\Provider\GenericProvider([
'clientId' => env('OAUTH_APP_ID'),
'clientSecret' => env('OAUTH_APP_PASSWORD'),
'redirectUri' => env('OAUTH_REDIRECT_URI'),
'urlAuthorize' => env('OAUTH_AUTHORITY').env('OAUTH_AUTHORIZE_ENDPOINT'),
'urlAccessToken' => env('OAUTH_AUTHORITY').env('OAUTH_TOKEN_ENDPOINT'),
'urlResourceOwnerDetails' => '',
'scopes' => env('OAUTH_SCOPES')
]);
OAUTH_APP_ID=YOUR_APP_ID_HERE
OAUTH_APP_PASSWORD=YOUR_APP_PASSWORD_HERE
OAUTH_REDIRECT_URI=http://localhost:8000/authorize
OAUTH_SCOPES='openid profile offline_access User.Read Mail.Read'
OAUTH_AUTHORITY=https://login.microsoftonline.com/common
OAUTH_AUTHORIZE_ENDPOINT=/oauth2/v2.0/authorize
OAUTH_TOKEN_ENDPOINT=/oauth2/v2.0/token
关于php - 无法使用 Microsoft 帐户登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56577888/