MailKit Office365 AcquireTokenInteractive需要client_secret
因此,这是一个困扰我的问题,我的截止日期即将到来。我正在研究发送电子邮件的应用程序,我的工作场所使用Office365通过Exchange使用。我正在使用C#WebApp并使用MailKit传递电子邮件。
这个问题(不是真正的问题,而是妨碍我的好习惯)是我们制作了一个电子邮件帐户来传递邮件,但我们的组织需要MFA。在与我的导演谈论它之后,创建应用程序密码对于如何部署该程序并不是一个好主意,因此我试图找到正确身份验证的方法。
最终,我使用Microsoft.Identity.Client库需要通过注册的Azure应用程序登录。然后,我可以缓存此并根据需要进行刷新,这样,请确保访问仍然有效。
但是,我陷入了某件事。我将APP注册设置为公开,没有客户秘密或所有必要权限的证书。但是,在VAR OAUTH2步骤中,它在给出错误时会失败“原始异常:AADSTS7000218:请求主体必须包含以下参数:'client_assertion'或'client_secret'。
问题是该应用程序是公开的,并且被定义为允许公共客户流量。因此,当我根本无法构建请求时,我无法获得该请求仍然需要客户秘密。我尝试使用私人,但是由于MFA要求,但也失败了。
以下是我所拥有的。忽略我在硬编码方面;这是暂时的,直到我可以解决这个问题。我也只在SMTP权限上进行范围,因为该应用程序所需要做的就是发送电子邮件;不需要IMAP,因为它没有阅读或其他任何内容。
var options = new PublicClientApplicationOptions
{
ClientId = "[clientID]",
TenantId = "[tenandID]",
RedirectUri = "http://localhost"
};
var publicClientApplication = PublicClientApplicationBuilder
.CreateWithApplicationOptions(options)
.Build();
var scopes = new string[] {
"email",
"offline_access",
"https://outlook.office.com/SMTP.Send" // Only needed for SMTP
};
var authToken = await publicClientApplication.AcquireTokenInteractive(scopes).ExecuteAsync();
//Here is where it returns that it needs a client_secret and won't advance.
// The login window appears and states it was successfully authenticated,
// but the application crashes with that error at this step.
var oauth2 = new SaslMechanismOAuth2(Config.Env.smtpUser, authToken.AccessToken);
So this is an issue that has been plaguing me for a bit and my deadline is coming up. I'm working on an application that sends emails and my workplace uses Office365 via Exchange. I'm using a C# webapp and using Mailkit to deliver emails.
The issue (not really an issue but good practice that's getting in my way) is that we made an email account to deliver mail yet our organization requires MFA. After talking about it with my director, creating an app password would not be a good idea for how this program is deployed so I'm trying to find ways to authenticate properly.
I eventually landed on using the Microsoft.Identity.Client library to require logging in via a registered Azure application. I could then cache this and refresh as needed, this way making sure the access is still valid.
However, I'm stuck on something. I have the app registration set to public with no client secrets or certificates with all of the necessary permissions. However right at the var oauth2 step, it fails while giving the error "Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'."
The issue is that the application is public and is defined to allow public client flows. So I'm not getting how the request could still require a client secret when that's not how I'm building the request at all. I tried using private, but because of the MFA requirement, that fails too.
Below is what I have. Ignore that I'm hard coding stuff; it's temporary until I can get this sorted out. I'm also only scoping the SMTP permissions because all this application needs to do is send an email; IMAP isn't needed since it's not reading or anything else.
var options = new PublicClientApplicationOptions
{
ClientId = "[clientID]",
TenantId = "[tenandID]",
RedirectUri = "http://localhost"
};
var publicClientApplication = PublicClientApplicationBuilder
.CreateWithApplicationOptions(options)
.Build();
var scopes = new string[] {
"email",
"offline_access",
"https://outlook.office.com/SMTP.Send" // Only needed for SMTP
};
var authToken = await publicClientApplication.AcquireTokenInteractive(scopes).ExecuteAsync();
//Here is where it returns that it needs a client_secret and won't advance.
// The login window appears and states it was successfully authenticated,
// but the application crashes with that error at this step.
var oauth2 = new SaslMechanismOAuth2(Config.Env.smtpUser, authToken.AccessToken);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论