invalid_token_response 尝试检索 OAuth 2.0 访问令牌响应时出错:401 未经授权:[无正文]
invalid_token_response An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]
我已将 Azure AD 添加为身份验证服务器,但它向我显示以下错误
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]
- Springboot: 2.5.8
- 蔚蓝版本:3.10.0
我的application.properties:
spring.security.oauth2.client.registration.azure-client.provider=azure-ad
spring.security.oauth2.client.registration.azure-client.client-id=<Client_id>
spring.security.oauth2.client.registration.azure-client.client-secret=<Client_secret>
spring.security.oauth2.client.registration.azure-client.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure-client.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.azure-client.scope=openid, profile
spring.security.oauth2.client.registration.azure-client.client-authentication-method=post
spring.security.oauth2.client.provider.azure-ad.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
spring.security.oauth2.client.provider.azure-ad.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token
spring.security.oauth2.client.provider.azure-ad.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys
spring.security.oauth2.client.provider.azure-ad.user-name-attribute=name
server.forward-headers-strategy=native
logging.level.org.springframework.security=DEBUG
和安全配置class:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure( HttpSecurity http ) throws Exception {
http.authorizeRequests()
.antMatchers( "/oauth2/**", "/login/**" ).permitAll()
.anyRequest().authenticated()
.and()
.oauth2Login()
.defaultSuccessUrl( "/home" );
}
}
和控制器:
@RestController
public class HomeController {
@GetMapping( "home" )
public String home( @AuthenticationPrincipal(expression = "claims['name']") String name ) {
return String.format( "Hello %s! welcome to the Security app", name);
}
}
正在解决
解决方案一:
确保您输入了正确的 TenantID、ApplicationID 和 Application_Secret,以及组application.properties 文件中的名称
并且您的应用请求的范围也已在 Azure 门户中配置(如果需要管理员同意,请授予)。
方案二:
尝试将 Azure 端点从 v2 更改为 v1。这是通过更改端点
来完成的
例如http://login.microsoft.com/common/oauth2/v2.0/authorize
变成 http://login.microsoft.com/common/oauth2/authorize as indicated in the v1 & v2 comparison.
有关 v1 的更多信息,请参阅此 document
有关详细信息,请参阅此 :
我已将 Azure AD 添加为身份验证服务器,但它向我显示以下错误
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]
- Springboot: 2.5.8
- 蔚蓝版本:3.10.0
我的application.properties:
spring.security.oauth2.client.registration.azure-client.provider=azure-ad
spring.security.oauth2.client.registration.azure-client.client-id=<Client_id>
spring.security.oauth2.client.registration.azure-client.client-secret=<Client_secret>
spring.security.oauth2.client.registration.azure-client.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure-client.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.azure-client.scope=openid, profile
spring.security.oauth2.client.registration.azure-client.client-authentication-method=post
spring.security.oauth2.client.provider.azure-ad.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
spring.security.oauth2.client.provider.azure-ad.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token
spring.security.oauth2.client.provider.azure-ad.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys
spring.security.oauth2.client.provider.azure-ad.user-name-attribute=name
server.forward-headers-strategy=native
logging.level.org.springframework.security=DEBUG
和安全配置class:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure( HttpSecurity http ) throws Exception {
http.authorizeRequests()
.antMatchers( "/oauth2/**", "/login/**" ).permitAll()
.anyRequest().authenticated()
.and()
.oauth2Login()
.defaultSuccessUrl( "/home" );
}
}
和控制器:
@RestController
public class HomeController {
@GetMapping( "home" )
public String home( @AuthenticationPrincipal(expression = "claims['name']") String name ) {
return String.format( "Hello %s! welcome to the Security app", name);
}
}
正在解决
解决方案一:
确保您输入了正确的 TenantID、ApplicationID 和 Application_Secret,以及组application.properties 文件中的名称
并且您的应用请求的范围也已在 Azure 门户中配置(如果需要管理员同意,请授予)。
方案二: 尝试将 Azure 端点从 v2 更改为 v1。这是通过更改端点
来完成的例如http://login.microsoft.com/common/oauth2/v2.0/authorize 变成 http://login.microsoft.com/common/oauth2/authorize as indicated in the v1 & v2 comparison.
有关 v1 的更多信息,请参阅此 document
有关详细信息,请参阅此