
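I am following the documentation at https://docs.microsoft.com/en-us/azure/active-directory-b2c/access-tokens

However, after replacing all the placeholders below, it does not generate an authorization code. The message I receive in Postman is shown below. When I try it in the browser, nothing is returned.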

<noscript>
        <div id="no_js">
            <div class="error_container">
                <div>
                    <h1>We can't sign you in</h1>
                    <p>Your browser is currently set to block JavaScript. You need to allow JavaScript to use this
                        service.</p>
                    <p>To learn how to allow JavaScript or to find out whether your browser supports JavaScript, check
                        the online help in your web browser.</p>
                </div>
            </div>
        </div>
    </noscript>

GET https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
client_id=<application-ID>
&nonce=anyRandomValue
&redirect_uri=https://jwt.ms
&scope=https://<tenant-name>.onmicrosoft.com/api/read
&response_type=code

2 Answers


After setting the scope to scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fapi%2Fread%20openid%20offline_access and updating the tenant and client ID, make the following request using a browser:

GET https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
client_id=<application-ID>
&nonce=anyRandomValue
&redirect_uri=https://jwt.ms
&scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fapi%2Fread%20openid%20offline_access
&response_type=code

You will receive a response with the authorization code in the URL, as shown below:

https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...


After successfully receiving the authorization code in the response URL above, copy the code value and make a POST request to get an access token:

POST <tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
Host: <tenant-name>.b2clogin.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=<application-ID>
&scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fapi%2Fread%20openid%20offline_access
&code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
&redirect_uri=https://jwt.ms
&client_secret=2hMG2-_:y12n10vwH...

Replace the code with the authorization code you received in the response to the first request, and use the client_secret of your client application.

Answered 2020-10-23T14:24:48.767
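
The two requests from the answer above, built programmatically with the scope encoded exactly as the answer shows. This is an added example, not part of the original answer: the tenant `contoso`, the policy name, and the client ID are constructed placeholders, and it goes beyond the posts by adding the standard OAuth 2.0 `state` parameter and checking it on the redirect.

```python
from urllib.parse import urlencode, urlsplit, parse_qs, quote

# Constructed placeholder values (assumptions, not taken from the posts)
TENANT = "contoso"
POLICY = "B2C_1_example"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://jwt.ms"
SCOPES = [f"https://{TENANT}.onmicrosoft.com/api/read", "openid", "offline_access"]

def build_authorize_url(state, nonce):
    """Authorization request in the URL form used in the question."""
    base = (f"https://{TENANT}.b2clogin.com/tfp/{TENANT}.onmicrosoft.com/"
            f"{POLICY}/oauth2/v2.0/authorize")
    params = {
        "client_id": CLIENT_ID,
        "nonce": nonce,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),  # space-separated; encoded as %20 below
        "response_type": "code",
        "state": state,
    }
    # quote (not quote_plus) yields %20 for spaces and %3A%2F%2F for "://"
    return base + "?" + urlencode(params, quote_via=quote)

def extract_code(redirect_url, expected_state):
    """Return the code from the redirect; reject errors and state mismatch."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if query.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch: response is not for this request")
    if "code" not in query:
        raise ValueError("no authorization code in redirect")
    return query["code"][0]

def build_token_request(code, client_secret):
    """URL and form body for the code-for-token POST shown in the answer."""
    url = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
           f"{POLICY}/oauth2/v2.0/token")
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "scope": " ".join(SCOPES),
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_secret": client_secret,
    }, quote_via=quote)
    return url, body
```

Generate `state` and `nonce` with `secrets.token_urlsafe()` per request, and load the client secret from a secret store rather than source code.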

Apparently, in my case, the documented process only works if you open the browser in private mode to generate the authorization code.

Answered 2020-10-26T09:48:36.790