gpt4 book ai didi

.net - Azure AD 异常 Microsoft.Identity.Client.MsalServiceException : The provided value for the input parameter 'scope' is not valid

转载 作者:行者123 更新时间:2023-12-03 06:06:41 27 4
gpt4 key购买 nike

我创建了 azure ad Multi-Tenancy 应用程序以允许组织和公共(public)电子邮件。目前正在 .net 控制台应用程序上进行测试。

 var tenantId = "d0748657 ........";
var clientId = "23a9c7a6 ........";
var authorityUri = $"https://login.microsoftonline.com/common";
var redirectUri = "http://localhost";

var pca = PublicClientApplicationBuilder
.Create(clientId)
.WithAuthority(new Uri(authorityUri))
.WithRedirectUri(redirectUri)
.Build();

现在说到 smtpScope,我正在使用 https://outlook.office365.com/SMTP.Send

 var smtpScope = new string[] { "https://outlook.office365.com/SMTP.Send",  }; 
var accounts = await pca.GetAccountsAsync();
AuthenticationResult result = null;
if (accounts.Any())
result = await pca.AcquireTokenSilent(smtpScope, accounts.FirstOrDefault()).ExecuteAsync();

else
{
try
{
result = await pca.AcquireTokenInteractive(smtpScope).ExecuteAsync();
}
catch (MsalException ex)
{
Console.WriteLine($"Error acquiring access token: {ex}");
}

Console.WriteLine($"Token : {result.AccessToken}");

当我使用我的组织电子邮件登录时,我收到 token 并且一切正常,但当我使用我的个人 Outlook 帐户登录时,我收到此错误

获取访问 token 时出错:MSAL.Desktop.4.56.0.0.MsalServiceException:错误代码:invalid_scopeMicrosoft.Identity.Client.MsalServiceException:为输入参数“范围”提供的资源值无效

我在这里缺少什么? smtpScope 不正确吗?

最佳答案

当我在我的环境中运行您的代码时,我在个人 Outlook 帐户中也遇到了相同的错误:

 var tenantId = "d0748657 ........";
var clientId = "23a9c7a6 ........";
var authorityUri = $"https://login.microsoftonline.com/common";
var redirectUri = "http://localhost";

var pca = PublicClientApplicationBuilder
.Create(clientId)
.WithAuthority(new Uri(authorityUri))
.WithRedirectUri(redirectUri)
.Build();

var smtpScope = new string[] { "https://outlook.office365.com/SMTP.Send", };
var accounts = await pca.GetAccountsAsync();
AuthenticationResult result = null;
if (accounts.Any())
result = await pca.AcquireTokenSilent(smtpScope, accounts.FirstOrDefault()).ExecuteAsync();

else
{
try
{
result = await pca.AcquireTokenInteractive(smtpScope).ExecuteAsync();
}
catch (MsalException ex)
{
Console.WriteLine($"Error acquiring access token: {ex}");
}

Console.WriteLine($"Token : {result.AccessToken}");

回应:

enter image description here

AFAIK, SMTP.Send permission is currently available only for work or school(organizational) accounts, not personal Microsoft accounts after Feb 2023 to generate OAuth2 access token.

当我使用组织帐户再次运行相同的代码时,我在响应中成功获得了 token ,如下所示:

enter image description here

为了确认这一点,我对 jwt.ms 中的 token 进行了解码其中 audscp 声明如下:

enter image description here

或者,您可以通过添加 Mail.Send 切换到 Microsoft Graph API,以从个人 Outlook 帐户发送邮件。为此,请通过替换 scope 值来修改代码:

using Microsoft.Identity.Client;

var clientId = "appId";
var authorityUri = $"https://login.microsoftonline.com/common";
var redirectUri = "http://localhost";

var pca = PublicClientApplicationBuilder
.Create(clientId)
.WithAuthority(new Uri(authorityUri))
.WithRedirectUri(redirectUri)
.Build();

var graphScopes = new string[] { "https://graph.microsoft.com/Mail.Send" };

var accounts = await pca.GetAccountsAsync();
AuthenticationResult result = null;

if (accounts.Any())
{
result = await pca.AcquireTokenSilent(graphScopes, accounts.FirstOrDefault()).ExecuteAsync();
}
else
{
try
{
result = await pca.AcquireTokenInteractive(graphScopes).ExecuteAsync();
}
catch (MsalException ex)
{
Console.WriteLine($"Error acquiring access token: {ex}");
}

Console.WriteLine($"Token : {result.AccessToken}");
}

当我通过运行上述代码使用个人 Outlook 帐户登录时,我收到如下同意提示:

enter image description here

接受上述同意后,我在控制台中成功获取了访问 token ,如下所示:

enter image description here

引用: SMTP.Send OAuth permission not working for consumer accounts - Microsoft Q&A by Akshay-MSFT

关于.net - Azure AD 异常 Microsoft.Identity.Client.MsalServiceException : The provided value for the input parameter 'scope' is not valid,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/77234044/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com