Error "AADSTS50194: Application 'xxxxxxxx' is not configured as a multi-tenant application" using the 'azure/msal-browser' ReactJS package

Posted on 2025-02-10 02:08:43

I have a SPA app that is trying to log in to Azure AD using the 'azure/msal-browser' ReactJS package.

The app is set to use a single tenant authentication at Azure App registration.
The authConfig.js file is set to use single tenant authentication as well, but I keep getting the error:

AADSTS50194: Application 'xxxxxxxx' is not configured as a multi-tenant application

I found similar posts, but all of them point to setting the authority parameter, which I had already done.

The scenario I am trying to implement is the silent login with page redirect. This is the official sample that I'm basing my implementation on.

Here are the steps to recreate:

  1. Install msal-browser

  2. Configure the AuthConfig.js file according to your app registration:

    const msalConfig = {
      auth: {
         clientId: "Application (client) ID",
         authority: "https://login.microsoftonline.com/<Directory (tenant) ID>/",
         redirectUri: "<app url(must be a allowed URL redirect for SPA application type)>"
    },
    ...
    export const loginRequest = {
        scopes: ["openid", "User.Read"]
    };
    
  3. And the code to acquire the token:

     import { PublicClientApplication } from "@azure/msal-browser";
     import { loginRequest} from "../../authConfig";
    
     // this is my simplified version of the method `getTokenRedirect` present in the sample.
    
     export const acquireIdToken = async (msalInstanceParam) => {
    
         const msalInstance = new PublicClientApplication(loginRequest);
         const activeAccount = msalInstance.getActiveAccount(); 
         const accounts = msalInstance.getAllAccounts();
    
         const request = {
             scopes: ["User.Read"],
             account: activeAccount || accounts[0]
         };
    
         const authResult = await msalInstance.acquireTokenSilent(request);//throws http code 400 error with message 'AADSTS50194 ...'
         return authResult.idToken
     };
    

The funny thing is that I'm able to log in successfully, be redirected to the SPA app, get the token, and retrieve the user name from the token, but for some reason the app calls https://login.microsoftonline.com/common/oauth2/v2.0/token and I get this error in the console.

Any clues?

The browser log (updated):

[HMR] Waiting for update signal from WDS...
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/[email protected] : Info - useAccount - Updating account
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/[email protected] : Info - Emitting event: msal:handleRedirectStart
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/[email protected] : Info - MsalProvider - msal:handleRedirectStart results in setting inProgress from startup to handleRedirect
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : [78728aa2-9ecd-4399-994a-4d8ab8801b13] : [email protected] : Info - handleRedirectPromise called but there is no interaction in progress, returning null.
RequestInterceptor.tsx:27 Wrapped Fetch started for resource planning
GetToken.js:22 acquire token ...
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/[email protected] : Info - useAccount - Updating account
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/[email protected] : Info - Emitting event: msal:handleRedirectEnd
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/[email protected] : Info - MsalProvider - msal:handleRedirectEnd results in setting inProgress from handleRedirect to none
RequestInterceptor.tsx:27 Wrapped Fetch started for resource https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
authConfig.js:36 [Thu, 23 Jun 2022 17:09:59 GMT] : @azure/[email protected] : Info - useAccount - Updating account
RequestInterceptor.tsx:27 Wrapped Fetch started for resource https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
RequestInterceptor.tsx:27 Wrapped Fetch started for resource https://login.microsoftonline.com/common/oauth2/v2.0/token
RequestInterceptor.tsx:33
RequestInterceptor.tsx:33          POST https://login.microsoftonline.com/common/oauth2/v2.0/token 400 (Bad Request)

Apparently, by inspecting the log, the endpoint discovery is providing the authority url that overrides the setting:

https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize

Comments (1)

没企图 2025-02-17 02:08:43

First, authority needs to target the organizations (for work or student accounts) or common (for all the aforementioned plus personal accounts) endpoints and not the tenant-specific one. E.g.

{
  authority: "https://login.microsoftonline.com/organizations/", 
  //  authority: "https://login.microsoftonline.com/common/", 
}

Finally, you need to configure your app registration as multi-tenant. Update its app manifest and ensure signInAudience is set to AzureADMultipleOrgs or AzureADandPersonalMicrosoftAccount. The latter requires accessTokenAcceptedVersion to be set to 2.
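
The check below is an added example, not part of the original question or answer and not MSAL code. It compares the configured authority, the endpoints that actually appear in a browser log like the one in the question, and the app manifest's `signInAudience`. All function names are hypothetical, the tenant ID is a constructed placeholder, and `AzureADMyOrg` is assumed as the manifest value of a single-tenant registration.

```javascript
// Added example, not MSAL code: every function name here is hypothetical.
const SHARED_ENDPOINTS = new Set(["common", "organizations"]);

// First path segment of a login.microsoftonline.com URL: a tenant ID or a shared alias.
function authorityTenant(url) {
  const u = new URL(url);
  if (u.hostname !== "login.microsoftonline.com") return null;
  const segment = u.pathname.split("/").filter(Boolean)[0];
  return segment ? segment.toLowerCase() : null;
}

// Tenant segments that requests in the browser log actually went to.
function tenantsSeenInLog(lines) {
  const seen = new Set();
  for (const line of lines) {
    const m = line.match(/https:\/\/login\.microsoftonline\.com\/[^\s?]+/);
    const tenant = m ? authorityTenant(m[0]) : null;
    if (tenant) seen.add(tenant);
  }
  return [...seen];
}

// Compare configured authority, observed requests and the app manifest.
function checkAuthority(config, manifest, logLines) {
  const issues = [];
  const configured = authorityTenant(config.authority);
  for (const tenant of tenantsSeenInLog(logLines)) {
    if (tenant !== configured) {
      issues.push(`requests go to /${tenant}, but the configured authority is /${configured}`);
    }
    if (SHARED_ENDPOINTS.has(tenant) && manifest.signInAudience === "AzureADMyOrg") {
      issues.push(`/${tenant} used with a single-tenant registration (AADSTS50194)`);
    }
  }
  if (manifest.signInAudience === "AzureADandPersonalMicrosoftAccount" &&
      manifest.accessTokenAcceptedVersion !== 2) {
    issues.push("AzureADandPersonalMicrosoftAccount requires accessTokenAcceptedVersion 2");
  }
  return issues;
}

// Constructed sample: placeholder tenant ID; log lines taken from the question's browser log.
const sampleConfig = { authority: "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/" };
const sampleManifest = { signInAudience: "AzureADMyOrg", accessTokenAcceptedVersion: null };
const sampleLog = [
  "RequestInterceptor.tsx:27 Wrapped Fetch started for resource https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration",
  "RequestInterceptor.tsx:33          POST https://login.microsoftonline.com/common/oauth2/v2.0/token 400 (Bad Request)",
];
console.log(checkAuthority(sampleConfig, sampleManifest, sampleLog));
```

With the sample input, the check reports both the mismatch between the configured tenant and `/common` and the single-tenant conflict behind AADSTS50194.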
