POST oauth2/v2.0/token 400 (Bad Request) when following the official MSAL React tutorial

Posted on 2025-02-11 21:54:16

I am at a loss with just the README. It mentions nothing of this. I downloaded this project and followed the tutorial to customize authConfig.js, I even removed everything except my sign in policy in authConfig.js. It will not work.

https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/1-Authentication/2-sign-in-b2c

It will go to my b2c login page and after setting the redirect URI takes me back to localhost:3000, but it won't show as authenticated. I am just getting the error in console:

FetchClient.ts:58          POST https://<domain>.b2clogin.com/<domain>.onmicrosoft.com/b2c_1_sign_in/oauth2/v2.0/token 400 (Bad Request)

My authConfig.js b2cPolicies and config:

import { LogLevel } from "@azure/msal-browser"; // needed by loggerCallback below

export const b2cPolicies = {
    names: {
        signUpSignIn: "B2C_1_Sign_in"
    },
    authorities: {
        signUpSignIn: {
            authority: "https://<domain>.b2clogin.com/<domain>.onmicrosoft.com/B2C_1_Sign_in",
        }
    },
    authorityDomain: "<domain>.b2clogin.com"
}

/**
 * Configuration object to be passed to MSAL instance on creation. 
 * For a full list of MSAL.js configuration parameters, visit:
 * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/configuration.md 
 */
export const msalConfig = {
    auth: {
        clientId: "<ID>", // This is the ONLY mandatory field that you need to supply.
        authority: b2cPolicies.authorities.signUpSignIn.authority, // Use a sign-up/sign-in user-flow as a default authority
        knownAuthorities: [b2cPolicies.authorityDomain], // Mark your B2C tenant's domain as trusted.
        redirectUri: "/", // Points to window.location.origin. You must register this URI on Azure Portal/App Registration.
        postLogoutRedirectUri: "/", // Indicates the page to navigate after logout.
        navigateToLoginRequestUrl: false, // If "true", will navigate back to the original request location before processing the auth code response.
    },
    cache: {
        cacheLocation: "sessionStorage", // Configures cache location. "sessionStorage" is more secure, but "localStorage" gives you SSO between tabs.
        storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
    },
    system: {
        loggerOptions: {
            loggerCallback: (level, message, containsPii) => {
                if (containsPii) {
                    return;
                }
                switch (level) {
                    case LogLevel.Error:
                        console.error(message);
                        return;
                    case LogLevel.Info:
                        console.info(message);
                        return;
                    case LogLevel.Verbose:
                        console.debug(message);
                        return;
                    case LogLevel.Warning:
                        console.warn(message);
                        return;
                }
            }
        }
    }
};

It works with the default still on the page. What would be wrong?

Solution
It was an issue in my manifest for app registration.
Azure AD B2C: Clients must send a client_secret when redeeming a confidential grant


Comments (1)

策马西风 2025-02-18 21:54:16

Your redirect URI must be of type "spa" for MSAL.js, so please verify your app registration. You should not provide a client secret for MSAL.js, as this will be viewable in the browser by anyone.
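
The check described in the comment above, as an added example (not part of the original post or the Microsoft sample): it inspects an exported app-registration manifest and reports when the redirect URI that MSAL.js will send is missing or registered under a platform other than "Spa", the condition under which the token endpoint asks for a client_secret. It assumes the Azure AD-format manifest attribute `replyUrlsWithType`; `auditSpaRegistration`, `resolveRedirect`, the sample manifest and the origin are constructed for illustration.

```javascript
// Constructed sample data: a manifest excerpt and the auth part of an MSAL config.
const sampleManifest = {
  replyUrlsWithType: [
    { url: "http://localhost:3000", type: "Web" },           // wrong platform for MSAL.js
    { url: "http://localhost:3000/redirect", type: "Spa" },
  ],
};
const sampleConfig = { auth: { clientId: "<ID>", redirectUri: "/" } };

// A relative redirectUri such as "/" is resolved against the page origin.
function resolveRedirect(redirectUri, origin) {
  return new URL(redirectUri, origin).href;
}

// Returns a list of findings; an empty list means the registration fits a browser client.
function auditSpaRegistration(manifest, config, origin) {
  const findings = [];
  const wanted = resolveRedirect(config.auth.redirectUri, origin);

  // Compare on the normalized URL form (assumption: trailing-slash differences are ignored here).
  const matches = (manifest.replyUrlsWithType || []).filter((entry) => {
    try {
      return new URL(entry.url).href === wanted;
    } catch {
      return false; // skip entries that are not absolute URLs
    }
  });

  if (matches.length === 0) {
    findings.push(`not-registered: ${wanted}`);
  }
  for (const entry of matches) {
    // A "Web" entry makes the code redemption a confidential grant,
    // so the token request is rejected unless a client_secret is sent.
    if (String(entry.type).toLowerCase() !== "spa") {
      findings.push(`wrong-platform: ${entry.url} is "${entry.type}", expected "Spa"`);
    }
  }
  // Anything placed in a browser config is readable by every visitor.
  if ("clientSecret" in config.auth) {
    findings.push("secret-in-browser-config: remove clientSecret");
  }
  return findings;
}

console.log(auditSpaRegistration(sampleManifest, sampleConfig, "http://localhost:3000"));
```
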
