我正在基于 java 的服务器端应用程序中为 Office 365 帐户实现 Oauth 2 身份验证。阅读文档后,我做了以下事情:
https://login.microsoftonline.com/common/oauth2/authorize?client_id= {client_id}&response_type=code&redirect_uri={重定向网址}&response_mode=query
作为对此的回应,我按预期获得了授权代码:
http://localhost:8080?code={authorication code}&session_state=259479e4-84aa-42ea-91e9-9e919cc99587
现在我需要获取令牌和用户名(用户登录的用户 ID),因为我需要用户名进行进一步处理。为此,我使用此处描述的方法:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/
即使用如下 POST 请求:
POST /{tenant}/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&client_id=2d4d11a2-f814-46a7-890a-274a72a7309e
&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrqqf_ZT_p5uEAEJJ_nZ3UmphWygRNy2C3jJ239gV_DBnZ2syeg95Ki-374WHUP-i3yIhv5i-7KU2CEoPXwURQp6IVYMw-DjAOzn7C3JCu5wpngXmbZKtJdWmiBzHpcO2aICJPu1KvJrDLDP20chJBXzVYJtkfjviLNNW7l7Y3ydcHDsBRKZc3GuMQanmcghXPyoDg41g8XbwPudVh7uCmUponBQpIhbuffFP_tbV8SNzsPoFz9CLpBCZagJVXeqWoYMPe2dSsPiLO9Alf_YIe5zpi-zY4C3aLw5g9at35eZTfNd0gBRpR5ojkMIcZZ6IgAA
&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F
&resource=https%3A%2F%2Fservice.contoso.com%2F
&client_secret=p@ssw0rd
现在的问题是,当我发送这个 post 请求时,我总是会收到错误代码,有时是 400 或 402 等。我还在 chrome 中使用 POST man 来检查调用的响应。它总是返回这样的错误:
{
"error": "invalid_grant",
"error_description": "AADSTS65001: The user or administrator has not consented to use the application …azure office-addins outlook-addin office365 microsoft-graph-api