使用 passport.js 的 Active Directory B2C 的 NodeJS 身份验证问题
NodeJS authentication problem with Active Directory B2C using passport.js
我正在尝试使用从 AAD 获得的令牌进行身份验证,但出于某种原因,出现了一个问题,我不确定它来自哪里。
步骤
1- 我生成了一个令牌,授权类型是客户端凭据,使用的活动目录是 b2c,启用了隐式流,选择了 ID 令牌和访问令牌。
2-我添加了一个范围并使用了下面的承载策略配置
super({
identityMetadata:
"https://" +
b2cDomainHost +
"/" +
tenantID +
"/" +
policyName +
"/v2.0/.well-known/openid-configuration/",
clientID: clientID,
policyName: policyName,
isB2C: true,
validateIssuer: false,
loggingLevel: "info",
loggingNoPII: false,
passReqToCallback: false,
}
我最终得到的错误是
{"name":"AzureAD: Bearer Strategy","hostname":"","pid":15354,"level":30,"msg":"authentication failed due to: In Strategy.prototype.jwtVerify: We did not receive a token we know how to validate","time":"","v":0}
重要的是,客户端凭据授予流程当前 直接 支持 Azure AD B2C,请参阅 here。
Although the OAuth 2.0 client credentials grant flow is not currently
directly supported by the Azure AD B2C authentication service, you can
set up client credential flow using Azure AD and the Microsoft
identity platform /token endpoint for an application in your Azure AD
B2C tenant.
表示不支持https://{tenant}.b2clogin.com/,
// NOT SUPPORT
POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token
&grant_type=client_credentials
但 https://login.microsoftonline.com/ 受支持。
// SUPPORT
POST https://login.microsoftonline.com/{b2c-tenant-id}/oauth2/v2.0/token
client_id=<b2c-app-client_id>
&scope=https://graph.microsoft.com/.default
&client_secret=<b2c-app-client_secret>
&grant_type=client_credentials
请尝试上一个支持的。
我正在尝试使用从 AAD 获得的令牌进行身份验证,但出于某种原因,出现了一个问题,我不确定它来自哪里。
步骤
1- 我生成了一个令牌,授权类型是客户端凭据,使用的活动目录是 b2c,启用了隐式流,选择了 ID 令牌和访问令牌。
2-我添加了一个范围并使用了下面的承载策略配置
super({
identityMetadata:
"https://" +
b2cDomainHost +
"/" +
tenantID +
"/" +
policyName +
"/v2.0/.well-known/openid-configuration/",
clientID: clientID,
policyName: policyName,
isB2C: true,
validateIssuer: false,
loggingLevel: "info",
loggingNoPII: false,
passReqToCallback: false,
}
我最终得到的错误是
{"name":"AzureAD: Bearer Strategy","hostname":"","pid":15354,"level":30,"msg":"authentication failed due to: In Strategy.prototype.jwtVerify: We did not receive a token we know how to validate","time":"","v":0}
重要的是,客户端凭据授予流程当前 直接 支持 Azure AD B2C,请参阅 here。
Although the OAuth 2.0 client credentials grant flow is not currently directly supported by the Azure AD B2C authentication service, you can set up client credential flow using Azure AD and the Microsoft identity platform
/tokenendpoint for an application in your Azure AD B2C tenant.
表示不支持https://{tenant}.b2clogin.com/,
// NOT SUPPORT
POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token
&grant_type=client_credentials
但 https://login.microsoftonline.com/ 受支持。
// SUPPORT
POST https://login.microsoftonline.com/{b2c-tenant-id}/oauth2/v2.0/token
client_id=<b2c-app-client_id>
&scope=https://graph.microsoft.com/.default
&client_secret=<b2c-app-client_secret>
&grant_type=client_credentials
请尝试上一个支持的。