我想集成office365服务管理API从中收集事件。我想使用客户端凭据方式使用服务对服务调用,但我收到以下错误,
{
"error":"invalid_client",
"errordescription":"AADSTS50048:受试者必须与客户端断言中的发卡机构声明匹配。
\\r\n跟踪ID:1ad7acd8-3945-4fe0-a313-07638eb76e42\r\n关联ID:a6c3a3c9-b737-4bfc-894f-3086c3cece8dfa\r\n时间戳:2016-06-09 07:20:15Z",
"error_codes":[50048],
"时间戳":"2016-06-09 07:20:15Z",
"trace_id":"1ad7acd8-3945-4fe0-a313-07638eb76e42",
"correlation_id":"a6c3a3c9-b737-4bfc-894f-3086c3ce8dfa">
}
我使用以下文档进行集成,为了获得客户端认可,https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx我明白了。但是对于Access令牌,https://msdn.microsoft.com/en-us/library/office/dn707383.aspx我不认为这是一个超过错误的回应。有人帮我一下:)
您是如何获得client_asseration的?您提供的链接没有描述如何获取"客户端断言"。它获取带有应用程序id和机密的令牌,这不支持Office 365 Management API。您可以参考有关"客户端断言"的博客。
这里有一个C#代码示例,它使用ADAL来获取客户端凭据流的访问令牌:
string clientId = "{clientId}";
string certThumbprint = "{copy from mmc}";
certThumbprint = certThumbprint.Replace("u200e", string.Empty).Replace("u200f", string.Empty).Replace(" ", string.Empty);
string apiResourceId = "https://manage.office.com";
X509Certificate2 cert = null;
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
string authority = "https://login.windows.net/{yourTentant}";
var authContext = new AuthenticationContext(authority);
try
{
store.Open(OpenFlags.ReadOnly);
cert = store.Certificates.Find(X509FindType.FindByThumbprint, certThumbprint, false)[0];
}
finally
{
store.Close();
}
var certCred = new ClientAssertionCertificate(clientId, cert);
AuthenticationResult result = null;
try
{
result = await authContext.AcquireTokenAsync(apiResourceId, certCred);
}
catch (Exception ex)
{
}