azure-active-directory - AADSTS90019 : No tenant-identifying information found in either the request or implied by any provided credentials

Question

嗨，我想实现 Office365 SSO 登录。
我已经创建了一个帐户并现在关注此文档:https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx

我正在获取代码，现在想要实现“使用授权代码请求访问 token ”

但我收到一个错误: AADSTS90019:在请求中或任何提供的凭据中都没有发现租户识别信息。

这是我通话的详细日志:

http-bio-8080-exec-10 29/06/2015 14:45:37,496 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "POST /common/oauth2/token HTTP/1.1[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,496 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Content-Length: 810[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,497 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,497 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Host: login.microsoftonline.com[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,498 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Connection: Keep-Alive[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,499 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "User-Agent: Apache-HttpClient/4.3.5 (java 1.5)[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,499 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,500 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,501 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "client_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2FXXXXXXXXX%2FREST%2FUser%2Foffice&client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&code=XXXXXXXXXXXXXXXXXXX&grant_type=authorization_code"
http-bio-8080-exec-10 29/06/2015 14:45:37,570 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "H"
http-bio-8080-exec-10 29/06/2015 14:45:37,571 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "TTP/1.1 400 Bad Request[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,572 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Cache-Control: no-cache, no-store[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,572 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Pragma: no-cache[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,573 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Content-Type: application/json; charset=utf-8[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,573 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Expires: -1[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,574 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Server: Microsoft-IIS/8.5[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,575 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "x-ms-request-id: c7702631-895c-4c6c-bad1-691ced9259f5[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,575 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "x-ms-gateway-service-instanceid: ESTSFE_IN_3[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,576 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "X-Content-Type-Options: nosniff[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,576 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,577 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,578 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Set-Cookie: flight-uxoptin=true; path=/; secure; HttpOnly[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,578 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Set-Cookie: x-ms-gateway-slice=productiona; path=/; secure; HttpOnly[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,579 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,580 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "X-Powered-By: ASP.NET[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,580 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Date: Mon, 29 Jun 2015 12:45:48 GMT[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,581 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Content-Length: 501[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,581 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,582 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "{"error":"invalid_request","error_description":"AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials.\r\nTrace ID: c7702631-895c-4c6c-bad1-691ced9259f5\r\nCorrelation ID: bd641f9d-9982-4808-b7ba-95d3dc0ba8d9\r\nTimestamp: 2015-06-29 12:45:49Z","error_codes":[90019],"timestamp":"2015-06-29 12:45:49Z","trace_id":"c7702631-895c-4c6c-bad1-691ced9259f5","correlation_id":"bd641f9d-9982-4808-b7ba-95d3dc0ba8d9","submit_url":null,"context":null}"

这就是我配置APP的方式

Answer 1

在您的案例中使用的帐户是 Microsoft 帐户，而不是组织帐户/AAD 帐户。不幸的是，Microsoft 帐户在通用端点上不起作用。如果 Microsoft 帐户是 Azure AD 租户中的 guest ，则可以将该租户名称放在授权终结点中，代替“通用”，这样应该可以正常工作。显然，您必须提前了解您想要的租户。

使用组织帐户时，您可能会遇到类似的问题。如果组织帐户是另一个租户或多个租户中的 guest ，则您必须指定要由其颁发 token 的特定租户。