我的 Azure 应用程序是单页应用程序,当尝试通过邀请实现电子邮件注册时,我收到错误:
AADB2C99059: The supplied request must present a code_challenge
我们的应用程序服务器是否会生成此 code_challenge,还是 Azure B2C 应该为我们执行此操作?另外,我们到底应该如何生成code_challenge?
最佳答案
您需要通过代码生成 code_challenge
并将其传递到请求 URL,并在获取访问 token 时使用 code_verifier
。
C# 示例:
using IdentityModel;
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace PKCEConsoleApp2
{
class Program
{
static void Main(string[] args)
{
var random = new Random();
int cvlength = random.Next(43, 128);
const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
var codeVerifier = new string (Enumerable.Repeat(chars, cvlength).Select(s => s[random.Next(s.Length)]).ToArray());
string codeChallenge;
using (var sha256 = SHA256.Create())
{
var a = Encoding.UTF8.GetBytes(codeVerifier);
var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
codeChallenge = Base64Url.Encode(challengeBytes);
/* Alternatively instead of using Base64Url.Encode method, the code below can accomplish the same result:
var result = Convert.ToBase64String(challengeBytes)
.Replace('+', '-') // replace URL unsafe characters with safe ones
.Replace('/', '_') // replace URL unsafe characters with safe ones
.Replace("=", ""); // no padding
*/
}
Console.WriteLine("codeVerifier " + codeVerifier + "\n");
Console.WriteLine("codeChallenge " + codeChallenge + "\n");
Console.ReadLine();
}
}
}
关于Azure B2C : Generating the code_challenge,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67962696/