invalid_scope 错误 AADSTS70011,为什么我会收到此错误
invalid_scope error AADSTS70011, Why I am getting this error
public string[] scopes1 = new string[]
{
"https://graph.microsoft.com/User.Read",
"https://graph.microsoft.com/User.ReadWrite",
"https://graph.microsoft.com/User.ReadBasic.All",
"https://graph.microsoft.com/Mail.Send",
"https://graph.microsoft.com/Calendars.ReadWrite",
"https://graph.microsoft.com/Mail.ReadWrite",
"https://graph.microsoft.com/Files.ReadWrite",
};
public async Task<string> GetAccessToken2()
{
string url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?";//https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(url);
// We want the response to be JSON.
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
// Build up the data to POST.
List<KeyValuePair<string, string>> postData = new List<KeyValuePair<string, string>>();
postData.Add(new KeyValuePair<string, string>("grant_type", "client_credentials"));
postData.Add(new KeyValuePair<string, string>("client_id", appId));
postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
postData.Add(new KeyValuePair<string, string>("response_type", "code"));
postData.Add(new KeyValuePair<string, string>("response_mode", "query"));
// postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
//postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
postData.Add(new KeyValuePair<string, string>("redirect_uri", "http://localhost/5341/Home/AddC"));
postData.Add(new KeyValuePair<string, string>("Scope",string.Join(" ", scopes1)));// "openid offline_access https://graph.microsoft.com/mail.read"));
postData.Add(new KeyValuePair<string, string>("state", "12345"));
FormUrlEncodedContent content = new FormUrlEncodedContent(postData);
// Post to the Server and parse the response.
HttpResponseMessage response = await client.PostAsync("Token", content);
string jsonString = await response.Content.ReadAsStringAsync();
object responseData = JsonConvert.DeserializeObject(jsonString);
// return the Access Token.
return ((dynamic)responseData).access_token;
}
}
{"error":"invalid_scope","error_description":"AADSTS70011: The
provided value for the input parameter 'scope' is not valid. The scope
https://graph.microsoft.com/User.Read
https://graph.microsoft.com/User.ReadWrite
https://graph.microsoft.com/User.ReadBasic.All
https://graph.microsoft.com/Mail.Send
https://graph.microsoft.com/Calendars.ReadWrite
https://graph.microsoft.com/Mail.ReadWrite
https://graph.microsoft.com/Files.ReadWrite is not valid.\r\nTrace ID:
17e465ac-9aca-4615-8021-f48ee8f00900\r\nCorrelation ID:
47a584ed-07ca-4a51-bdd1-8cb7364de3ee\r\nTimestamp: 2017-09-15
12:39:26Z","error_codes":[70011],"timestamp":"2017-09-15
12:39:26Z","trace_id":"17e465ac-9aca-4615-8021-f48ee8f00900","correlation_id":"47a584ed-07ca-4a51-bdd1-8cb7364de3ee"}
对 https://login.microsoftonline.com/common/oauth2/v2.0/authorize 的调用是 HTTP GET,而不是 POST。它是获取授权码并发出 POST 到 https://login.microsoftonline.com/common/oauth2/v2.0/token.
的回调函数
初始 GET 的原型是(为了便于阅读而换行):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=[APPLICATION ID]&
response_type=code&
redirect_uri=[REDIRECT URI]&
scope=[SCOPE]
第二阶段发一个POST。该原型是:
POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=authorization_code&code=[AUTHORIZATION CODE]&
client_id=[APPLICATION ID]&client_secret=[PASSWORD]
&scope=[SCOPE]&redirect_uri=[REDIRECT URI]
也不是说这不是JSON,Content-Type是application/x-www-form-urlencoded。
我前一段时间写了一篇文章,介绍了使用 v2 端点的授权代码流程,您可能会发现它有帮助:Microsoft v2 Endpoint Primer
https://login.microsoftonline.com/{{tenant_id}}/oauth2/token
去掉v2.0版本试试。
我有相同的错误代码
"error_codes": [
70011
],
so its resolve your issues
public string[] scopes1 = new string[]
{
"https://graph.microsoft.com/User.Read",
"https://graph.microsoft.com/User.ReadWrite",
"https://graph.microsoft.com/User.ReadBasic.All",
"https://graph.microsoft.com/Mail.Send",
"https://graph.microsoft.com/Calendars.ReadWrite",
"https://graph.microsoft.com/Mail.ReadWrite",
"https://graph.microsoft.com/Files.ReadWrite",
};
public async Task<string> GetAccessToken2()
{
string url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?";//https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(url);
// We want the response to be JSON.
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
// Build up the data to POST.
List<KeyValuePair<string, string>> postData = new List<KeyValuePair<string, string>>();
postData.Add(new KeyValuePair<string, string>("grant_type", "client_credentials"));
postData.Add(new KeyValuePair<string, string>("client_id", appId));
postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
postData.Add(new KeyValuePair<string, string>("response_type", "code"));
postData.Add(new KeyValuePair<string, string>("response_mode", "query"));
// postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
//postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));
postData.Add(new KeyValuePair<string, string>("redirect_uri", "http://localhost/5341/Home/AddC"));
postData.Add(new KeyValuePair<string, string>("Scope",string.Join(" ", scopes1)));// "openid offline_access https://graph.microsoft.com/mail.read"));
postData.Add(new KeyValuePair<string, string>("state", "12345"));
FormUrlEncodedContent content = new FormUrlEncodedContent(postData);
// Post to the Server and parse the response.
HttpResponseMessage response = await client.PostAsync("Token", content);
string jsonString = await response.Content.ReadAsStringAsync();
object responseData = JsonConvert.DeserializeObject(jsonString);
// return the Access Token.
return ((dynamic)responseData).access_token;
}
}
{"error":"invalid_scope","error_description":"AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Calendars.ReadWrite https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Files.ReadWrite is not valid.\r\nTrace ID: 17e465ac-9aca-4615-8021-f48ee8f00900\r\nCorrelation ID: 47a584ed-07ca-4a51-bdd1-8cb7364de3ee\r\nTimestamp: 2017-09-15 12:39:26Z","error_codes":[70011],"timestamp":"2017-09-15 12:39:26Z","trace_id":"17e465ac-9aca-4615-8021-f48ee8f00900","correlation_id":"47a584ed-07ca-4a51-bdd1-8cb7364de3ee"}
对 https://login.microsoftonline.com/common/oauth2/v2.0/authorize 的调用是 HTTP GET,而不是 POST。它是获取授权码并发出 POST 到 https://login.microsoftonline.com/common/oauth2/v2.0/token.
初始 GET 的原型是(为了便于阅读而换行):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=[APPLICATION ID]&
response_type=code&
redirect_uri=[REDIRECT URI]&
scope=[SCOPE]
第二阶段发一个POST。该原型是:
POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=authorization_code&code=[AUTHORIZATION CODE]&
client_id=[APPLICATION ID]&client_secret=[PASSWORD]
&scope=[SCOPE]&redirect_uri=[REDIRECT URI]
也不是说这不是JSON,Content-Type是application/x-www-form-urlencoded。
我前一段时间写了一篇文章,介绍了使用 v2 端点的授权代码流程,您可能会发现它有帮助:Microsoft v2 Endpoint Primer
https://login.microsoftonline.com/{{tenant_id}}/oauth2/token
去掉v2.0版本试试。 我有相同的错误代码
"error_codes": [ 70011 ], so its resolve your issues