我想实现在iOS应用中的OAuth2隐性补助流。在这种情况下,它需要一个令牌请求,而不是一个code请求,因为你不能在本机应用程序共享客户端密钥安全。
所以像这样的请求产生一个登录表单:
login.windows/<tenantid>/oauth2/authorize?api-version=1.0&client_id=<client id>&response_type=token&redirect_uri=shp-apps://localhost:44300/?ReturnUrl=%2F&resource=graph.windows在成功登录我得到这个错误:
#错误= unsupported_response_type&安培; ERROR_DESCRIPTION = AADSTS70005:RESPONSE_TYPE'令牌' 不支持的应用跟踪+ ID:9008e580-2798-4b6c-a6bf-2bf614b61f64关联+ ID:ceb9bb4b-34a4-4441-801f-377f534543b1时间戳:2014年8月26日+ 16%3a24%3a24Z这是实际上是正确,不支持令牌request_type?还是有别的东西,我需要做什么?该应用程序设置为一个本机应用程序。我已经能够做一个code'RESPONSE_TYPE在同一个活动目录不同的应用程序。
解决方案隐性补助流确实尚未被Azure的AD支持。为了您的iOS应用,使用带有刷新令牌支持授权code拨款流程。你并不需要写在您自己的OAuth流 - 使用我们的iOS / OSX SDK来代替:的 github/AzureAD/azure-activedirectory-library-for-objc
菲利普,敬请关注对隐性补助流 - 这是在我们的雷达。
希望这有助于。
更新:Azure的AD现在suports隐性补助的OAuth流。请参阅: github/AzureADSamples/SinglePageApp-AngularJS-DotNet
I am trying to implement a OAuth2 implicit grant flow in an IOS app. In this case it requires a token request instead of a code request because you can't share the client secret in a native app safely.
so a request like this yields a login form:
login.windows/<tenantid>/oauth2/authorize?api-version=1.0&client_id=<client id>&response_type=token&redirect_uri=shp-apps://localhost:44300/?ReturnUrl=%2F&resource=graph.windowsAfter successfully login I get this error:
#error=unsupported_response_type&error_description=AADSTS70005: response_type 'token' is not supported for the application Trace+ID: 9008e580-2798-4b6c-a6bf-2bf614b61f64 Correlation+ID: ceb9bb4b-34a4-4441-801f-377f534543b1 Timestamp: 2014-08-26+16%3a24%3a24ZIs this actually correct, the token request_type is not supported? or is there something else that I need to do? The application is setup as a native app. I have already been able to do a 'code' response_type in a different application in the same active directory.
解决方案Implicit grant flow is indeed not supported yet by Azure AD. For your iOS app, use the authorization code grant flow with refresh token support. You don't need to write the OAuth flow on your own - use our iOS/OSX SDK instead: github/AzureAD/azure-activedirectory-library-for-objc
Philip, stay tuned on the implicit grant flow - it is on our radar.
Hope this helps.
UPDATE: Azure AD now suports implicit grant OAuth flow. see: github/AzureADSamples/SinglePageApp-AngularJS-DotNet
更多推荐
得到#错误= unsupported
发布评论