Skype for Business in Azure UCWA authentication - issued token not accepted



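I am using UCWA to integrate a Java application with Skype for Business on Azure, and this is the list of actions I performed. When everything seemed to be working and covered, I got stuck in an unexpected place. The solution may be trivial, such as adding an additional permission, but I cannot find it. Also, I believe this post will help people who are stuck at earlier stages.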

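  1. Register the application in the Azure Portal: register it as a native application, add the required permissions (all the Skype for Business Online permissions), grant the permissions for all users, and get the Application ID (used later as the client ID).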

  2. HTTP GET, btw: (tenant) should be replaced with the actual tenant name. Request:

    curl -X GET http://lyncdiscover.(tenant).onmicrosoft.com/ -H 'cache-control: no-cache' -H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' -H 'postman-token: b45b8fee-852f-4678-3631-3a06727d99fc' -F Capture=undefined

Response:

    {
        "_links": {
            "self": {
                "href": "https://webdir0a.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=(tenant).onmicrosoft.com"
            },
            "xframe": {
                "href": "https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/xframe"
            },
            "redirect": {
                "href": "https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=(tenant).onmicrosoft.com"
            }
        }
    }

  1. HTTP GET the redirect URL

    curl -X GET 'https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=(tenant).onmicrosoft.com' -H 'cache-control: no-cache' -H 'postman-token: 273cad2b-a9a9-9882-8634-b52f9a9976b5'

    {
        "_links": {
            "self": {
                "href": "https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=(tenant).onmicrosoft.com"
            },
            "user": {
                "href": "https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=(tenant).onmicrosoft.com"
            },
            "xframe": {
                "href": "https://webdir3a.online.lync.com/Autodiscover/XFrame/XFrame.html"
            }
        }
    }

  2. Get the user URL

    curl -X GET 'https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=(tenant).onmicrosoft.com' -H 'cache-control: no-cache' -H 'postman-token: af9ab0bd-dc6f-b2f3-e7d9-23941aac5537'

Response: 401 Unauthorized. Read the response HTTP headers and extract

`authorization_uri="https://login.windows.net/common/oauth2/authorize"`

  1. POST to the authorization URL: client ID = the application ID from the Azure Portal app registration, resource = 00000004-0000-0ff1-ce00-000000000000

    curl -X POST https://login.windows.net/common/oauth2/token -H 'cache-control: no-cache' -H 'content-type: application/x-www-form-urlencoded;charset=UTF-8' -H 'postman-token: 39902b3f-00c3-e7a8-75d0-6b94f10e07ed' -d 'resource=00000004-0000-0ff1-ce00-000000000000&client_id=XXXX-XXXX-XXXX&grant_type=password&username=actualUserName@tenant.com&password=actual_password&scope=openid'

Response:

    {
        "token_type": "Bearer",
        "scope": "Contacts.ReadWrite Conversations.Initiate Conversations.Receive Meetings.ReadWrite User.ReadWrite",
        "expires_in": "3599",
        "ext_expires_in": "0",
        "expires_on": "1518196708",
        "not_before": "1518192808",
        "resource": "00000004-0000-0ff1-ce00-000000000000",
        "access_token": "eyJ0...",
        "refresh_token": "AQABA...",
        "id_token": "eyJ0e..."
    }

Yes, I got an actual token and everything seemed fine, but it is not. When I use this token to get the user URL again, the response is now 403, and I am stuck.

    curl -X GET \
      'https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=(tenant).onmicrosoft.com' \
      -H 'authorization: Bearer eyJ0eXA...' \
      -H 'cache-control: no-cache' \
      -H 'postman-token: ff0a80bd-5025-5b28-3f1c-cf9205890812'

Response: 403 Forbidden

    <body>
        <div id="header">
            <h1>Server Error</h1>
        </div>
        <div id="content">
            <div class="content-container">
                <fieldset>
                    <h2>403 - Forbidden: Access is denied.</h2>
                    <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
                </fieldset>
            </div>
        </div>
    </body>

The mistake was in step #4, in the resource parameter. The correct request uses the user server URL as the resource parameter:

    curl -X POST \
      https://login.windows.net/common/oauth2/token \
      -H 'cache-control: no-cache' \
      -H 'content-type: application/x-www-form-urlencoded;charset=UTF-8' \
      -H 'postman-token: 39902b3f-00c3-e7a8-75d0-6b94f10e07ed' \
      -d 'resource=https://webdir3a.online.lync.com&client_id=XXXX-XXXX-XXXX&grant_type=password&username=actualUserName@tenant.com&password=actual_password&scope=openid'

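Then use the received token to get the application URL from the user URL. Once the application URL is retrieved, a new token request must be issued to get a token for the application server, which in my case is: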

    curl -X POST \
      https://login.windows.net/common/oauth2/token \
      -H 'cache-control: no-cache' \
      -H 'content-type: application/x-www-form-urlencoded;charset=UTF-8' \
      -H 'postman-token: 39902b3f-00c3-e7a8-75d0-6b94f10e07ed' \
      -d 'resource=https://webpoolsn23a14.infra.lync.com&client_id=XXXX-XXXX-XXXX&grant_type=password&username=actualUserName@tenant.com&password=actual_password&scope=openid'

This token can finally be used to create the application and for other messaging services.
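
The resource-per-host rule from the answer above, as an added example that is not part of the original post: it derives the `resource` value from the URL about to be called and checks a token's `aud` claim against it before the request is sent. It assumes the access token is a JWT whose `aud` echoes the requested resource; the sample tokens and the application URL path are constructed.

```python
import base64
import json
from urllib.parse import urlsplit

def resource_for(url):
    """Return the https://host origin to send as the `resource` parameter."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an absolute https URL: %r" % url)
    return "https://" + parts.hostname.lower()

def token_audiences(jwt):
    """Read `aud` from a JWT payload. No signature check: diagnostics only."""
    segments = jwt.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWT")
    payload = segments[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)

def token_fits(url, jwt):
    """True when the token was issued for the host that serves `url`.
    Assumption: `aud` equals the requested resource, modulo case and a trailing slash."""
    wanted = resource_for(url)
    return any(a.rstrip("/").lower() == wanted for a in token_audiences(jwt))

def fake_token(aud):
    """Constructed, unsigned sample token used only by the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud}), "sig"])

USER_URL = ("https://webdir3a.online.lync.com/Autodiscover/AutodiscoverService.svc"
            "/root/oauth/user?originalDomain=(tenant).onmicrosoft.com")
# Hypothetical path on the pool host named in the answer.
APP_URL = "https://webpoolsn23a14.infra.lync.com/ucwa/oauth/v1/applications"

if __name__ == "__main__":
    cases = [(USER_URL, "00000004-0000-0ff1-ce00-000000000000"),  # question's token
             (USER_URL, "https://webdir3a.online.lync.com"),       # answer, hop 1
             (APP_URL, "https://webdir3a.online.lync.com"),        # reused on hop 2
             (APP_URL, "https://webpoolsn23a14.infra.lync.com/")]  # answer, hop 2
    for url, aud in cases:
        print(resource_for(url), "<-", aud, "fits:", token_fits(url, fake_token(aud)))
```
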
