azure - 交响乐团 5 : Connect to Azure with HWIOAuthBundle: An authentication exception occurred

Question

我正在尝试使用 bundle HWIOAuthBundle 将我的 Symfony 5 应用程序连接到 Azuse

从 Microsoft 网站重定向后，我收到以下消息:“发生身份验证异常。”

我的 securey.yaml:

security:
    encoders:
        App\Entity\User:
            algorithm: auto

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            anonymous: ~
            oauth:
                resource_owners:
                    azure:             "/oauth/login/check-azure"
                login_path:        /oauth/login
                use_forward:       false
                failure_path:      /oauth/login

                oauth_user_provider:
                    service: my.oauth_aware.user_provider.service
        main:
            pattern: ^/
            anonymous: lazy
            guard:
                authenticators:
                    - App\Security\LoginFormAuthenticator
            logout:
                path:   app_logout

    access_control:

        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

    role_hierarchy:
        ROLE_MANAGE: ROLE_USER
        ROLE_ADMIN: [ROLE_ADMIN, ROLE_MANAGE]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN]

我的hwi_oauth.yaml

hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /oauth/connect
hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    prefix:   /oauth/connect
hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix:   /oauth/login
azure_login:
    path: /oauth/login/check-azure

我的 hwi_oauth.yaml:

hwi_oauth:
    # list of names of the firewalls in which this bundle is active, this setting MUST be set
    firewall_names: [secured_area]
    resource_owners:
        azure:
            type:                azure
            client_id:           '%env(AZURE_ID)%'
            client_secret:       '%env(AZURE_SECRET)%'
            options:
                resource:    https://graph.windows.net
                application: common

我的服务.yaml:

services:
    _defaults:
        autowire: true      # Automatically injects dependencies in your services.
        autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
    App\:
        resource: '../src/*'
        exclude: '../src/{DependencyInjection,Entity,Migrations,Tests,Kernel.php}'
    App\Controller\:
        resource: '../src/Controller'
        tags: ['controller.service_arguments']
    my.oauth_aware.user_provider.service:
        class: HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUserProvider

我正在使用此代码来访问身份验证

    <a href="{{ path('hwi_oauth_service_redirect', {'service': 'azure' }) }}">
        <span>Login with azure</span>
    </a>

这些是我正在使用的 bundle 的版本:

"hwi/oauth-bundle": "1.1.x-dev",
"php-http/guzzle6-adapter": "^2.0",
"php-http/httplug-bundle": "^1.17",

如果你能帮助我，先谢谢你了^^

Answer 1

确保将“scope”参数添加到您的 Azure 定义中:

resource_owners:
    azure:
        type:                   azure
        client_id:              <client-id>
        client_secret:          <client-secret>
        scope:                  User.Read offline_access

        options:
            infos_url:              https://graph.microsoft.com/v1.0/me
            application: common
            csrf: true

此外，您还必须向用户授予权限。请阅读 Azure 门户中的应用程序设置。

顺便说一句:获取刷新 token 需要“offline_access”范围。