对于IMAP.ACCESSUSER.ALL SCOPE ADSTS65001:用户或管理员尚未同意使用该应用程序
在我的Java Web应用程序中,我想使用Jakarta Mail访问用户的邮箱。为此,我遵循 https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-to-to-to-authenticate-antenticate-an--an-imap-pop-pop-pop-smtp -OAuth2授权代码流。
在Azure端口上,我设置了我的应用程序,并在下面添加了API权限,如
现在用户正在重定向到授权端点下方:
同意REDIRECT_URI被验证代码击中。基于该验证代码,我形成了令牌端点URL并从服务器击中它,令牌端点如下:
revestmt
client_id=b6067ad9-7195-430b-a35d-97b7aa7beb8f
scope=offline_access%20https%3A%2F%2Foutlook.office.com%2FIMAP.AccessAsUser.All
redirect_uri=http://localhost:8080/callback/microsoft
grant_type=authorization_code
client_secret=QUs8Q~aboLBiopTezMTKwzQjIwWsFFXjc2kCRaRs (I know I have shared the secret)
code={code received from authorize end point}
https://login.microsoftonline.com/5426ee07-9b73-4a9e-8075-395-395-395ab4395b439c6c6fa/oauth2/oauth2/oauth22/oauth22/oauth22/c.0/ 对于此帖子请求为:
{“错误”:“ Invalid_grant”,“ error_description”:“ AADSTS65001:尚未同意将应用程序与ID'B6067AD9-7195-430B-A35D-97b7aaa7beb8f命名的ID'B6067AD9-7195-430B-a连接器'发送此用户和资源的交互式授权请求。 -06-07 19:51:30z“,“ error_codes”:[65001],“时间戳”:“ 2022-06-07 19:51:30z”,“ trace_id”:“ dc008ced-e23f-4919-bd45-bd45-bd45-b7Aeae7Aeae7c68b000 “,” correlation_id”:“ 9B6EDE03-3C05-4A78-8975-036A3CB20773”,“ SUBERROR”:“ CONSENT_REQUIREID”}
在这里,我不明白为什么该错误是说明了该错误是用户不同意使用该应用程序的,在授权终点输入凭据之后,用户已接受了同意。如果我们查看上面的屏幕截图已经授予了访问目录的赠款,则更多事件。
In my java web application I want to get access to user's mailbox by using jakarta mail. For that purpose I followed https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth for OAuth2 authorization code flow.
On Azure port I setup my app and added API permissions as below
Now user is redirecting to below authorize endpoint:
After entering credentials and accepting the consent redirect_uri gets hit with auth code. Based on that auth code I formed token endpoint URL and hitting it from server, the token endpoint is as follow:
URL: https://login.microsoftonline.com/5426ee07-9b73-4a9e-8075-395ab439c6fa/oauth2/v2.0/token
Form Data:
client_id=b6067ad9-7195-430b-a35d-97b7aa7beb8f
scope=offline_access%20https%3A%2F%2Foutlook.office.com%2FIMAP.AccessAsUser.All
redirect_uri=http://localhost:8080/callback/microsoft
grant_type=authorization_code
client_secret=QUs8Q~aboLBiopTezMTKwzQjIwWsFFXjc2kCRaRs (I know I have shared the secret)
code={code received from authorize end point}
Response to this post request comes as:
{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'b6067ad9-7195-430b-a35d-97b7aa7beb8f' named 'Email Connector'. Send an interactive authorization request for this user and resource.\r\nTrace ID: dc008ced-e23f-4919-bd45-b7ae7c68b000\r\nCorrelation ID: 9b6ede03-3c05-4a78-8975-036a3cb20773\r\nTimestamp: 2022-06-07 19:51:30Z","error_codes":[65001],"timestamp":"2022-06-07 19:51:30Z","trace_id":"dc008ced-e23f-4919-bd45-b7ae7c68b000","correlation_id":"9b6ede03-3c05-4a78-8975-036a3cb20773","suberror":"consent_required"}
Here, I don't understand why the error is saying The user or administrator has not consented to use the application, user has accepted the consent after entering credentials on authorize end point. Event more If we look at the screenshot above admin has already given grant to access the directory.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我试图在环境中重现相同的方案,并获得了与以下相同的错误:
解决错误,请检查
授权端点您正在使用来获取代码。从上面的授权端点获取
代码。在修改终点之后,我成功获得了访问令牌:
以验证访问token在<<< a href =“ https://jwt.io” rel =“ nofollow noreferrer”> jwt.io 并检查
aud> aud和scp索赔如下:I tried to reproduce the same scenario in my environment and got the same error as below:
To resolve the error, please check the
authorize endpointyou are using to get the code.Get the
codefrom the above authorization endpoint.I got the access token successfully after modifying the endpoint like below:
To validate the access token decode it in jwt.io and check the
audandscpclaims like below: