ruby - 在 Azure AD 中通过 Graph API 创建应用程序时获取 'Service_InternalServerError'

Question

我正在尝试以编程方式在 Azure AD 中创建应用程序。 我在管理门户中添加了初始应用程序，并授予了 Graph Api 和 Active Directory 的权限(两者中的目录读/写)。

首先我获取授权码，示例网址格式如下:

uri = Addressable::URI.parse('https://login.microsoftonline.com/common/oauth2/authorize')
  uri.query_values = {
    response_type: 'code',
    response_mode: 'form_post',
    client_id: <Application ID>,
    redirect_uri: <Redirect URI>,   
    resource: 'https://graph.windows.net/',
    state: <UUID>,
  }

之后我通过以下请求获取身份验证 token :

client = OAuth2::Client.new(client_id,
                          client_secret,
                          :site => 'https://login.microsoftonline.com',
                          :authorize_url => '/common/oauth2/authorize',
                          :token_url => '/common/oauth2/token')

auth_token = client.auth_code.get_token(auth_code,
                                 :redirect_uri => redirect_uri,
                                 :scope => 'openid'

最后我可以对应用程序端点进行图形 API 调用以添加应用程序:

graph_url = 'https://graph.windows.net/<TENANT ID>/applications?api-version=1.6'
body = {
  'identifierUris' => ['<URI>'],
  'availableToOtherTenants' => true,
  'homepage' => <Home PAGE>,
  'replyURLs' => <SOME REPLY URL>,
  'displayName' => <APP DISPLAY NAME>,
}
headers = {'Content-Type' => 'application/json','Authorization' =>  "Bearer #{auth_token.token}"}
conn = Faraday.new(graph_url, {headers: headers})
res = conn.post graph_url, body.to_json

作为回应，我收到以下错误，该错误不是很具有描述性，并且不确定出了什么问题:

{"odata.error"=>{"code"=>"Service_InternalServerError", "message"=>{"lang"=>"en", "value"=>"Encountered an internal server error."}}}

如有任何建议，我们将不胜感激。

Answer 1

我解决了我的问题，在尝试创建应用程序时出现内部错误。 为 http 请求形成“正文”时要小心。我在“replyUrls”属性中的 url 末尾添加了额外的“/”。为每个属性添加数据类型也很重要。这是对我有用的示例请求:

body = {
  "odata.type" => "Microsoft.DirectoryServices.Application",
  "identifierUris" => ["https://mynamehere.com/#{someidentifier}"],
  "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="8ee7eaebe0fae7e8e7ebfcdbfce7fdcee1eaeffaefa0faf7feeb" rel="noreferrer noopener nofollow">[email protected]</a>" => "Collection(Edm.String)",
  "availableToOtherTenants" => true,
  "homepage" => 'https://myhomepage.com',
  "replyURLs" => ["http://localhost:3000/someUrl"],
  "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="6f1d0a1f03163a3d231c2f000b0e1b0e411b161f0a" rel="noreferrer noopener nofollow">[email protected]</a>" => "Collection(Edm.String)",
  "displayName" => 'This is my app',   
 }

以下是有用的博客链接:

http://blog.mszcool.com/index.php/2016/06/a-deep-dive-into-azure-ad-multi-tenant-apps-oauthopenidconnect-flows-admin-consent-and-azure-ad-graph-api/