Microsoft Teams SSO Authentication method getAuthToken() returns 'resourceDisabled'

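I am trying to get an AuthToken from Microsoft Teams, and although I have done everything by the book, I still get an error message. I know there is a similar question on S.O., but I tried all the suggestions and it still does not work. This is my tab code: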

  useEffect(() => {
    if (inTeams === true) {
      microsoftTeams.authentication.getAuthToken({
        successCallback: (result) => {
            console.log(result)
        },
        failureCallback: function (error) {
          console.log(error)
        }
      });
    } else {
      setEntityId("Not in Microsoft Teams");
    }
  }, [inTeams]);

This is my manifest.json file; I am not sure whether the 'webApplicationInfo' section is in the right place:

{
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.11/MicrosoftTeams.schema.json",
  "manifestVersion": "1.11",
  "id": "{{APPLICATION_ID}}",
  "version": "{{VERSION}}",
  "packageName": "{{PACKAGE_NAME}}",
  "developer": {
    "name": "Vizibit",
    "websiteUrl": "https://{{PUBLIC_HOSTNAME}}",
    "privacyUrl": "https://{{PUBLIC_HOSTNAME}}/privacy.html",
    "termsOfUseUrl": "https://{{PUBLIC_HOSTNAME}}/tou.html"
  },
  "name": {
    "short": "TeamsAddIn",
    "full": "TeamsAddIn"
  },
  "description": {
    "short": "TODO: add short description here",
    "full": "TODO: add full description here"
  },
  "icons": {
    "outline": "icon-outline.png",
    "color": "icon-color.png"
  },
  "accentColor": "#D85028",
  "configurableTabs": [
    {
      "configurationUrl": "https://{{PUBLIC_HOSTNAME}}/signatorDemoTab/config.html?name={loginHint}&tenant={tid}&group={groupId}&theme={theme}",
      "canUpdateConfiguration": true,
      "scopes": [
        "team"
      ]
    }
  ],
  "staticTabs": [],
  "bots": [],
  "connectors": [],
  "composeExtensions": [],
  "permissions": [
    "identity",
    "messageTeamMembers"
  ],
  "validDomains": [
    "{{PUBLIC_HOSTNAME}}"
  ],
  "showLoadingIndicator": true,
  "webApplicationInfo": {
    "id": "{{APPLICATION_ID}}",
    "resource": "api://{{PUBLIC_HOSTNAME}}/{{APPLICATION_ID}}"
  }
}

The error I get:

This is also in the error:

Thanks :)


Update:

This is the error I get now.

This is what I used:

  useEffect(() => {
    if (inTeams === true) {
      microsoftTeams.authentication.getAuthToken({
        successCallback: (result) => {
          const serviceRequest: AuthRequest = {
            client_id: "[CLIENTID]", 
            client_secret: "[CLIENTSECRET]",
            requested_token_use: "on_behalf_of",
            grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
            scope:
              "api://[MYNGROK].ngrok.io/[CLIENTID]",
            assertion: result,
          };

          httpClient.GetAuthenticationToken(serviceRequest).then((res) => {
            console.log(res);
          });
          microsoftTeams.appInitialization.notifySuccess();
        },
        failureCallback: function (error) {
          console.log(error);
        },
      });
    } else {
      setEntityId("Not in Microsoft Teams");
    }
  }, [inTeams]);
 "error_description": "AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '[CLIENTID]'.\r\nTrace ID: 2dc1bddf-a15c-45a8-9346-4d2b83011600\r\nCorrelation ID: cf790d06-19e5-49c4-a79c-364f044d7ee8\r\nTimestamp: 2022-03-31 11:39:59Z",

My client secret is correct; I don't know why it reports an error.


Update: I still get the same CORS error; even though I managed to resolve it in Postman, I still cannot resolve it in React axios.

  var formData = new URLSearchParams();
  formData.append("client_id", "[CLIENT_ID]");
  formData.append(
    "client_secret",
    "[CLIENT_SECRET]"
  );
  formData.append("requested_token_use", "on_behalf_of");
  formData.append(
    "grant_type",
    "urn:ietf:params:oauth:grant-type:jwt-bearer"
  );
  formData.append(
    "scope",
    "api://[NGROK].ngrok.io/[CLIENT_ID]/scope"
  );
  formData.append("assertion", result);

  axios.post("https://login.microsoftonline.com/common/oauth2/v2.0/token", formData);

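I'm not sure what docs you're working from (i.e. which "book" you're doing it "by"), because some (a lot) of them are quite old and need to be completely rewritten. The best source is this one: https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso?tabs=dotnet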

Here is a great video overview: https://www.youtube.com/watch?v=kruUnaZgQaY and here's a sample (covers both node and dotnet): https://github.com/pnp/teams-dev-samples/tree/main/samples/tab-sso

That said, the error appears to be shown in the bottom screenshot you posted - you need to get admin consent for the app. See more here: https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso?tabs=dotnet#tenant-admin-consent
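
An added example, not part of the original question or answer and not Microsoft's sample code: the on-behalf-of exchange from the question's update, moved to a server-side Node.js (18+) function so that the client secret never ships in the tab's JavaScript and the token request is not made from the browser. The function names, the AAD_CLIENT_ID / AAD_CLIENT_SECRET environment variables, and the use of the token's tid claim to select a tenant-specific endpoint are assumptions of this example.

```javascript
// Added example for a Node.js 18+ backend; all function names are hypothetical.
const OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer";

// Read the tenant id ("tid" claim) from the Teams SSO token to pick the token
// endpoint. This only decodes the token; the backend must still validate its
// signature, audience and issuer before trusting any claim for authorization.
function tenantFromToken(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  // Strict GUID check so the claim cannot alter the URL path.
  if (!/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i.test(claims.tid || "")) {
    throw new Error("missing or malformed tid claim");
  }
  return claims.tid;
}

// Build the same form fields as the question's update, with the credentials
// taken from server-side configuration (assumed env var names).
function buildOboRequest(ssoToken, scope, env = process.env) {
  const { AAD_CLIENT_ID, AAD_CLIENT_SECRET } = env;
  if (!AAD_CLIENT_ID || !AAD_CLIENT_SECRET) {
    throw new Error("client credentials are not configured on the server");
  }
  const body = new URLSearchParams({
    client_id: AAD_CLIENT_ID,
    client_secret: AAD_CLIENT_SECRET,
    grant_type: OBO_GRANT,
    requested_token_use: "on_behalf_of",
    scope,
    assertion: ssoToken,
  });
  const tenant = tenantFromToken(ssoToken);
  return { url: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`, body };
}

// Called by the backend route that the tab posts its getAuthToken() result to.
async function exchangeOnBehalfOf(ssoToken, scope, env = process.env) {
  const { url, body } = buildOboRequest(ssoToken, scope, env);
  const res = await fetch(url, { method: "POST", body });
  const json = await res.json();
  if (!res.ok) {
    // Surface only the error code; keep error_description and secrets in server logs.
    throw new Error(`token exchange failed: ${json.error}`);
  }
  return json.access_token;
}
```

With this split, the tab sends only the `result` of `getAuthToken()` to its own backend, and the backend returns whatever data the tab needs rather than the exchanged token request details.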