更新时间:2023-02-15 08:23:48
我不认为你在路过正确的处理令牌端点,你需要传递范围如下 - 对于默认范围传递
scope = https %3A%2F%2Fgraph.microsoft.com%2F 。默认
( https://graph.microsoft.com/.default)
或者你知道范围你可以这样传递 -
范围= HTTPS%3A%2F%2Fgraph.microsoft.com%2Fuser.read
I am trying to get user groups, I implement saml but it not return me the user groups.
I have:
Azure Ad directory:
Directory id = {directory id}
Enterprise application with saml authentication that works:
Application id = {enterprize app id}
Application in apps dot dev dot microsoft dot com/
Application id = {app id}
Client secret ={secret}
https login dot microsoftonline dot com/{directory id}/oauth2/authorize?client_id={enterprize app id}&response_type=code&redirect_uri={uri}&prompt=admin_consent
POST https login dot microsoftonline dot com/{directory id}f/oauth2/v2.0/token
Post fields:
grant_type=authorization_code
client_id={enterprize app id}
scope=https graph dot microsoft dot com/v1.0/me/memberOf
code=code from previous request
redirect_uri={enterpise app redirect uri}
Response:
AADSTS50000: There was an error issuing a token.
When I try with the {app id} and Client secret I get:
https dot login dot microsoftonlinedot com/{directory id}/oauth2/authorize?client_id={app id}&response_type=code&redirect_uri={uri}&prompt=admin_consent
POST https login dot microsoftonline dot com/{directory id}f/oauth2/v2.0/token
Post fields:
grant_type=authorization_code
client_id={app id}
scope=https graph dot microsoft dot com/v1.0/me/memberOf
code=code from previous request
redirect_uri={app redirect uri}
client_secret={secret}
Got the same error:
There was an error issuing a token.
I do not think you are passing the correct scope to token endpoint and you need to pass the scope like below - For default scope pass
scope=https%3A%2F%2Fgraph.microsoft.com%2F.default (https://graph.microsoft.com/.default)
or if you know scopes you can pass like this -
scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read