我有一个Skype for Business帐户呼叫art@shockw4ves.onmicrosoft.com,我正在尝试获得授权。
- 我第一次请求lyncdiscover服务
GET https://lyncdiscover.shockw4ves.onmicrosoft.com/
答:
{
"_links": {
"self": {
"href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=shockw4ves.onmicrosoft.com"
},
"user": {
"href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=shockw4ves.onmicrosoft.com"
},
"xframe": {
"href": "https://webdir1e.online.lync.com/Autodiscover/XFrame/XFrame.html"
}
}
}
- 然后我采取
user
链接并做下一个请求 - 此响应包含我的凭证数据。我接受授权uri并执行下一个请求
GET https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=shockw4ves.onmicrosoft.com
回答:401年授权
Cache-Control → no-cache
Content-Length → 1293
Content-Type → text/html
Date → Wed, 30 Sep 2015 11:16:37 GMT
WWW-Authenticate →
Bearer trusted_issuers="00000001-0000-0000-c000-000000000000@*",
client_id="00000004-0000-0ff1-ce00-000000000000",
authorization_uri="https://login.windows.net/common/oauth2/authorize",
MsRtcOAuth
href="https://webdir1e.online.lync.com/WebTicket/oauthtoken",
grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting"
X-Content-Type-Options → nosniff
X-MS-Correlation-Id → 2147499790
X-MS-Server-Fqdn → AMS1E01EDG08.infra.lync.com
client-request-id → ea4f5098-732f-4feb-ae34-cf6ff7fc1a73
POST https://login.windows.net/common/oauth2/authorize
body of x-www-form-urlencoded:
grant_type=password
username=art@shockw4ves.onmicrosoft.com
password=xxxxxxxxxx
client_id=00000004-0000-0ff1-ce00-000000000000
Answer:
<html>
<head>
<title>Continue</title>
</head>
<body>
<form method="POST" name="hiddenform" action="https://login.microsoftonline.com/common/oauth2/authorize">
<input type="hidden" name="grant_type" value="password" />
<input type="hidden" name="username" value="art@shockw4ves.onmicrosoft.com" />
<input type="hidden" name="password" value="xxxxxxxxx" />
<input type="hidden" name="client_id" value="00000004-0000-0ff1-ce00-000000000000" />
<noscript>
<p>Script is disabled. Click Submit to continue</p>
<input type="submit" value="Submit" />
</noscript>
</form>
<script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
</body>
</html>
- 复制此html表单并在浏览器中运行。它重定向到https://login.microsoftonline.com/common/oauth2/authorize并打开带有错误文本的页面:
Sign In
Sorry, but we’re having trouble signing you in.
We received a bad request.
Additional technical information:
Correlation ID: 0669eee8-0dc5-4aa1-a94d-41e5bbc2f25d
Timestamp: 2015-09-30 14:06:30Z
AADSTS50011: No reply address is registered for the application.
我做错了什么?我还测试了:
grant_type=password
grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting"
grant_type="urn:microsoft.rtc:windows,urn:microsoft.rtc:anonmeeting,password"
申请没有注册回复地址
有几个问题。第二步的401响应包含一个WWW-Authenticate头,其中grant_type="urn:microsoft.rtc:被动,urn:microsoft。rtc:anonmeeting"表示只允许通过被动或anonmeeting进行身份验证。在步骤3中,请求试图使用不支持的授权类型,密码。
所讨论的帐户看起来/感觉像是与Office365/Lync Online相关联的,这意味着目前没有任何对UCWA的支持。即使支持这一点,您也需要了解如何使用被动身份验证进行身份验证,即UCWA中的身份验证,目前还没有很好的文档。